Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,089
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

667 advisories

Loading
An issue was discovered in Moxa EDR-810 Industrial Secure Router. By accessing a specific uniform... High Unreviewed
CVE-2016-8346 was published May 17, 2022
An issue was discovered on SendQuick Entera and Avera devices before 2HF16. An attacker could... Moderate Unreviewed
CVE-2017-5137 was published May 17, 2022
An issue was discovered in Couchbase Server before 7.0.4. A private key is leaked to the log... High Unreviewed
CVE-2022-32556 was published Jul 22, 2022
In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in... Moderate Unreviewed
CVE-2022-36321 was published Jul 21, 2022
VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged... Moderate Unreviewed
CVE-2022-31674 was published Aug 11, 2022
An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016... High Unreviewed
CVE-2017-5153 was published May 17, 2022
An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and... High Unreviewed
CVE-2016-9344 was published May 17, 2022
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially sensitive information in in log... Moderate Unreviewed
CVE-2016-8912 was published May 17, 2022
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive... Low Unreviewed
CVE-2016-0296 was published May 17, 2022
MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8... High Unreviewed
CVE-2015-8977 was published May 17, 2022
A cleartext storage of sensitive information exists in Rocket.Chat <v4.6.4 due to Oauth token... Moderate Unreviewed
CVE-2022-32217 was published Sep 25, 2022
django-anymail Includes Sensitive Information in Log Files High
CVE-2018-1000089 was published for django-anymail (pip) May 14, 2022
westonsteimel
next-auth before v4.10.2 and v3.29.9 leaks excessive information into log Low
CVE-2022-31186 was published for next-auth (npm) Aug 6, 2022
ShuPink
check-spelling workflow vulnerable to token leakage via symlink attack Critical
CVE-2021-32724 was published for check-spelling/check-spelling (GitHub Actions) Jul 29, 2022
justinsteven
IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by... Low Unreviewed
CVE-2016-2943 was published May 17, 2022
IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to obtain sensitive... Moderate Unreviewed
CVE-2016-2928 was published May 17, 2022
The installation component in IBM Rational Asset Analyzer (RAA) 6.1.0 before FP10 allows local... Moderate Unreviewed
CVE-2016-5967 was published May 17, 2022
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 stores potentially sensitive... Moderate Unreviewed
CVE-2021-39011 was published Jan 20, 2023
IBM MQ Internet Pass-Thru 2.1, 9.2 LTS and 9.2 CD stores potentially sensitive information in... Moderate Unreviewed
CVE-2022-35719 was published Nov 14, 2022
Information Exposure Through Log Files vulnerability discovered in Foundry when logs were... High Unreviewed
CVE-2022-27895 was published Nov 16, 2022
Information Exposure Through Log Files vulnerability discovered in Foundry Code-Workbooks where... High Unreviewed
CVE-2022-27896 was published Nov 15, 2022
Traefik may display authorization header in the debug logs Low
CVE-2022-23469 was published for github.com/traefik/traefik/v2 (Go) Dec 8, 2022
Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The... Moderate Unreviewed
CVE-2022-33187 was published Dec 9, 2022
A vulnerability in the logging component of Cisco Adaptive Security Device Manager (ASDM) could... Moderate Unreviewed
CVE-2022-20651 was published Jun 23, 2022
A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could... Moderate Unreviewed
CVE-2019-1953 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API