GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
667 advisories
An issue was discovered in Moxa EDR-810 Industrial Secure Router. By accessing a specific uniform...
High, Unreviewed: CVE-2016-8346 was published May 17, 2022
An issue was discovered on SendQuick Entera and Avera devices before 2HF16. An attacker could...
Moderate, Unreviewed: CVE-2017-5137 was published May 17, 2022
An issue was discovered in Couchbase Server before 7.0.4. A private key is leaked to the log...
High, Unreviewed: CVE-2022-32556 was published Jul 22, 2022
In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in...
Moderate, Unreviewed: CVE-2022-36321 was published Jul 21, 2022
VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged...
Moderate, Unreviewed: CVE-2022-31674 was published Aug 11, 2022
An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016...
High, Unreviewed: CVE-2017-5153 was published May 17, 2022
An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and...
High, Unreviewed: CVE-2016-9344 was published May 17, 2022
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially sensitive information in log...
Moderate, Unreviewed: CVE-2016-8912 was published May 17, 2022
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive...
Low, Unreviewed: CVE-2016-0296 was published May 17, 2022
MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8...
High, Unreviewed: CVE-2015-8977 was published May 17, 2022
A cleartext storage of sensitive information exists in Rocket.Chat <v4.6.4 due to OAuth token...
Moderate, Unreviewed: CVE-2022-32217 was published Sep 25, 2022
django-anymail Includes Sensitive Information in Log Files
High: CVE-2018-1000089 was published for django-anymail (pip) May 14, 2022
next-auth before v4.10.2 and v3.29.9 leaks excessive information into log
Low: CVE-2022-31186 was published for next-auth (npm) Aug 6, 2022
check-spelling workflow vulnerable to token leakage via symlink attack
Critical: CVE-2021-32724 was published for check-spelling/check-spelling (GitHub Actions) Jul 29, 2022
IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by...
Low, Unreviewed: CVE-2016-2943 was published May 17, 2022
IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to obtain sensitive...
Moderate, Unreviewed: CVE-2016-2928 was published May 17, 2022
The installation component in IBM Rational Asset Analyzer (RAA) 6.1.0 before FP10 allows local...
Moderate, Unreviewed: CVE-2016-5967 was published May 17, 2022
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 stores potentially sensitive...
Moderate, Unreviewed: CVE-2021-39011 was published Jan 20, 2023
IBM MQ Internet Pass-Thru 2.1, 9.2 LTS and 9.2 CD stores potentially sensitive information in...
Moderate, Unreviewed: CVE-2022-35719 was published Nov 14, 2022
Information Exposure Through Log Files vulnerability discovered in Foundry when logs were...
High, Unreviewed: CVE-2022-27895 was published Nov 16, 2022
Information Exposure Through Log Files vulnerability discovered in Foundry Code-Workbooks where...
High, Unreviewed: CVE-2022-27896 was published Nov 15, 2022
Traefik may display authorization header in the debug logs
Low: CVE-2022-23469 was published for github.com/traefik/traefik/v2 (Go) Dec 8, 2022
Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The...
Moderate, Unreviewed: CVE-2022-33187 was published Dec 9, 2022
A vulnerability in the logging component of Cisco Adaptive Security Device Manager (ASDM) could...
Moderate, Unreviewed: CVE-2022-20651 was published Jun 23, 2022
A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could...
Moderate, Unreviewed: CVE-2019-1953 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API