Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

294 advisories

Loading
The aptdaemon DBus interface disclosed file existence disclosure by setting Terminal... Low Unreviewed
CVE-2020-16128 was published May 24, 2022
IBM Security Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote attacker to obtain... Moderate Unreviewed
CVE-2020-4846 was published May 24, 2022
PackageKit provided detailed error messages to unprivileged callers that exposed information... Low Unreviewed
CVE-2020-16121 was published May 24, 2022
IBM Security Directory Server 6.4.0 generates an error message that includes sensitive... Moderate Unreviewed
CVE-2019-4547 was published May 24, 2022
A vulnerability has been identified in Desigo Insight (All versions). Some error messages in the... Moderate Unreviewed
CVE-2020-15794 was published May 24, 2022
Using XMLHttpRequest, an attacker could have identified installed applications by probing error... Moderate Unreviewed
CVE-2021-43542 was published Dec 9, 2021
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information... Moderate Unreviewed
CVE-2019-4729 was published May 24, 2022
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed an... Moderate Unreviewed
CVE-2020-6438 was published May 24, 2022
In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the... Moderate Unreviewed
CVE-2022-2760 was published Sep 29, 2022
Server metadata could be exposed because one of the error messages reflected the whole response... Moderate Unreviewed
CVE-2019-12156 was published May 24, 2022
RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x) and prior to 4.4 (in 4.2.x and... Moderate Unreviewed
CVE-2019-3730 was published May 24, 2022
In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON... Low Unreviewed
CVE-2019-9455 was published May 24, 2022
Hitachi Energy LinkOne product, has a vulnerability due to a web server misconfiguration, that... Moderate Unreviewed
CVE-2021-40338 was published Jan 29, 2022
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and... Moderate Unreviewed
CVE-2019-4485 was published May 24, 2022
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and... Moderate Unreviewed
CVE-2019-4484 was published May 24, 2022
Incorrect implementation of lockout feature in Keycloak High
CVE-2021-3513 was published for org.keycloak:keycloak-parent (Maven) Aug 23, 2022
JSPUI's "Internal System Error" page prints exceptions and stack traces without sanitization Moderate
CVE-2022-31189 was published for org.dspace:dspace-jspui (Maven) Aug 6, 2022
An Information Disclosure vulnerability exists in dhcms 2017-09-18 when entering invalid... Moderate Unreviewed
CVE-2020-19275 was published May 24, 2022
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could... Moderate Unreviewed
CVE-2021-39018 was published Jul 15, 2022
Valinor error messages leading to potential data exfiltration before v0.12.0 High
CVE-2022-31140 was published for cuyz/valinor (Composer) Jul 12, 2022
Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information... Moderate Unreviewed
CVE-2022-31229 was published Jun 29, 2022
Weave GitOps leaked cluster credentials into logs on connection errors Critical
CVE-2022-31098 was published for github.com/weaveworks/weave-gitops (Go) Jun 23, 2022
stefanprodan
PgHero Allows Information Disclosure Through EXPLAIN Feature High
CVE-2023-22626 was published for pghero (RubyGems) Jan 5, 2023
Dev error stack trace leaking into prod in Play Framework Moderate
CVE-2022-31023 was published for com.typesafe.play:play_2.12 (Maven) Jun 3, 2022
BillyAutrey gmethvin
dontgitit
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is... Moderate Unreviewed
CVE-2022-26973 was published Jun 3, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database