Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,992
Erlang
29
GitHub Actions
16
Go
1,782
Maven
5,000+
npm
3,544
NuGet
619
pip
3,134
Pub
10
RubyGems
838
Rust
795
Swift
34
Unreviewed advisories
All unreviewed
5,000+

680 advisories

Loading
Dell EMC SCG 5.00.00.10 and earlier, contain a sensitive information disclosure vulnerability. A... Moderate Unreviewed
CVE-2021-36340 was published Nov 21, 2021
Dell PowerScale OneFS version 8.1.2 contains a sensitive information exposure vulnerability. This... Moderate Unreviewed
CVE-2021-21561 was published Nov 24, 2021
Sensitive information could be logged. The following products are affected: Acronis Agent ... High Unreviewed
CVE-2021-34800 was published Nov 30, 2021
Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read application... High Unreviewed
CVE-2021-38283 was published Nov 30, 2021
SYNEL - eharmonynew / Synel Reports - The attacker can log in to the system with default... Moderate Unreviewed
CVE-2021-36718 was published Dec 9, 2021
Mattermost 6.0.2 and earlier fails to sufficiently sanitize user's password in audit logs when... High Unreviewed
CVE-2021-37861 was published Dec 10, 2021
In handleUpdateNetworkState of GnssNetworkConnectivityHandler.java , there is a possible APN... Moderate Unreviewed
CVE-2021-0997 was published Dec 16, 2021
In OnMetadataChangedListener of AdvancedBluetoothDetailsHeaderController.java, there is a... Low Unreviewed
CVE-2021-0991 was published Dec 16, 2021
Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text password storage... Moderate Unreviewed
CVE-2021-36318 was published Dec 22, 2021
Apache NiFi Insertion of Sensitive Information into Log File Moderate
CVE-2020-1928 was published for org.apache.nifi:nifi-parameter (Maven) Jan 6, 2022
Insertion of Sensitive Information into Log File in Apache NiFi High
CVE-2020-1942 was published for org.apache.nifi:nifi-framework-core (Maven) Jan 6, 2022
Insertion of Sensitive Information into Log File in Apache NiFi Stateless High
CVE-2020-9486 was published for org.apache.nifi:nifi-stateless (Maven) Jan 6, 2022
Insertion of Sensitive Information into Log File in Apache Geode High
CVE-2021-34797 was published for org.apache.geode:geode-core (Maven) Jan 6, 2022
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions <... High Unreviewed
CVE-2021-45034 was published Jan 12, 2022
Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token... Moderate Unreviewed
CVE-2021-45449 was published Jan 13, 2022
SAP Business One - version 10.0, extended log stores information that can be of a sensitive... Moderate Unreviewed
CVE-2021-44234 was published Jan 15, 2022
IBM Sterling Gentran:Server for Microsoft Windows 5.3 stores potentially sensitive information in... Moderate Unreviewed
CVE-2021-39032 was published Jan 15, 2022
In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cleartext user password and... Moderate Unreviewed
CVE-2022-22703 was published Jan 18, 2022
In M-Files Server product with versions before 21.11.10775.0, enabling logging of Federated... Low Unreviewed
CVE-2021-41808 was published Jan 19, 2022
loguru vulnerable to improper privilege management Moderate
CVE-2022-0338 was published for loguru (pip) Jan 26, 2022
Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain a sensitive information disclosure... High Unreviewed
CVE-2021-36289 was published Jan 27, 2022
Insertion of Sensitive Information into Log File and Improper Output Neutralization for Logs in ansible Moderate
CVE-2020-14332 was published for ansible (pip) Feb 9, 2022
jhampson-dbre
Improper Output Neutralization and Improper Encoding or Escaping of Output for Logs in ansible Moderate
CVE-2020-14330 was published for ansible (pip) Feb 9, 2022
A vulnerability in the audit log of Cisco DNA Center could allow an authenticated, local attacker... Moderate Unreviewed
CVE-2022-20630 was published Feb 11, 2022
An information exposure through log file vulnerability exists in the Palo Alto Networks... Moderate Unreviewed
CVE-2022-0021 was published Feb 11, 2022
ProTip! Advisories are also available from the GraphQL API