GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
294 advisories
Filter by severity
The aptdaemon DBus interface disclosed file existence disclosure by setting Terminal...
Low
Unreviewed
CVE-2020-16128
was published
May 24, 2022
IBM Security Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote attacker to obtain...
Moderate
Unreviewed
CVE-2020-4846
was published
May 24, 2022
PackageKit provided detailed error messages to unprivileged callers that exposed information...
Low
Unreviewed
CVE-2020-16121
was published
May 24, 2022
IBM Security Directory Server 6.4.0 generates an error message that includes sensitive...
Moderate
Unreviewed
CVE-2019-4547
was published
May 24, 2022
A vulnerability has been identified in Desigo Insight (All versions). Some error messages in the...
Moderate
Unreviewed
CVE-2020-15794
was published
May 24, 2022
Using XMLHttpRequest, an attacker could have identified installed applications by probing error...
Moderate
Unreviewed
CVE-2021-43542
was published
Dec 9, 2021
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information...
Moderate
Unreviewed
CVE-2019-4729
was published
May 24, 2022
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed an...
Moderate
Unreviewed
CVE-2020-6438
was published
May 24, 2022
In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the...
Moderate
Unreviewed
CVE-2022-2760
was published
Sep 29, 2022
Server metadata could be exposed because one of the error messages reflected the whole response...
Moderate
Unreviewed
CVE-2019-12156
was published
May 24, 2022
RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x) and prior to 4.4 (in 4.2.x and...
Moderate
Unreviewed
CVE-2019-3730
was published
May 24, 2022
In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON...
Low
Unreviewed
CVE-2019-9455
was published
May 24, 2022
Hitachi Energy LinkOne product, has a vulnerability due to a web server misconfiguration, that...
Moderate
Unreviewed
CVE-2021-40338
was published
Jan 29, 2022
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and...
Moderate
Unreviewed
CVE-2019-4485
was published
May 24, 2022
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and...
Moderate
Unreviewed
CVE-2019-4484
was published
May 24, 2022
Incorrect implementation of lockout feature in Keycloak
High
CVE-2021-3513
was published
for
org.keycloak:keycloak-parent
(Maven)
Aug 23, 2022
JSPUI's "Internal System Error" page prints exceptions and stack traces without sanitization
Moderate
CVE-2022-31189
was published
for
org.dspace:dspace-jspui
(Maven)
Aug 6, 2022
An Information Disclosure vulnerability exists in dhcms 2017-09-18 when entering invalid...
Moderate
Unreviewed
CVE-2020-19275
was published
May 24, 2022
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could...
Moderate
Unreviewed
CVE-2021-39018
was published
Jul 15, 2022
Valinor error messages leading to potential data exfiltration before v0.12.0
High
CVE-2022-31140
was published
for
cuyz/valinor
(Composer)
Jul 12, 2022
Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information...
Moderate
Unreviewed
CVE-2022-31229
was published
Jun 29, 2022
Weave GitOps leaked cluster credentials into logs on connection errors
Critical
CVE-2022-31098
was published
for
github.com/weaveworks/weave-gitops
(Go)
Jun 23, 2022
PgHero Allows Information Disclosure Through EXPLAIN Feature
High
CVE-2023-22626
was published
for
pghero
(RubyGems)
Jan 5, 2023
Dev error stack trace leaking into prod in Play Framework
Moderate
CVE-2022-31023
was published
for
com.typesafe.play:play_2.12
(Maven)
Jun 3, 2022
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is...
Moderate
Unreviewed
CVE-2022-26973
was published
Jun 3, 2022
ProTip!
Advisories are also available from the
GraphQL API