GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,985
Erlang
29
GitHub Actions
16
Go
1,771
Maven
4,995
npm
3,541
NuGet
617
pip
3,120
Pub
10
RubyGems
838
Rust
788
Swift
34
Unreviewed advisories
All unreviewed
5,000+
265 advisories
Filter by severity
IBM Sterling Partner Engagement Manager 6.2.2 could allow a local attacker to obtain sensitive...
Moderate
Unreviewed
CVE-2022-35640
was published
Jul 17, 2024
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to...
Moderate
Unreviewed
CVE-2024-39737
was published
Jul 15, 2024
Grafana User enumeration via forget password
Moderate
CVE-2022-39307
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Shopware database password is leaked to an unauthenticated users
High
CVE-2020-13997
was published
for
shopware/core
(Composer)
May 24, 2022
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive...
Moderate
Unreviewed
CVE-2023-50953
was published
Jun 30, 2024
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive...
Moderate
Unreviewed
CVE-2024-35119
was published
Jun 30, 2024
IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a...
Moderate
Unreviewed
CVE-2024-35156
was published
Jun 29, 2024
IBM MQ Console 9.3 LTS and 9.3 CD could disclose could allow a remote attacker to obtain...
Moderate
Unreviewed
CVE-2024-35155
was published
Jun 28, 2024
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a remote attacker to obtain system...
Moderate
Unreviewed
CVE-2023-35009
was published
Aug 17, 2023
Generation of Error Message Containing Sensitive Information in zsa
Moderate
CVE-2024-37162
was published
for
zsa
(npm)
Jun 6, 2024
Argo-cd authenticated users can enumerate clusters by name
Moderate
CVE-2024-36106
was published
for
github.com/argoproj/argo-cd
(Go)
Jun 6, 2024
github.com/huandu/facebook may expose access_token in error message.
Low
CVE-2024-35232
was published
for
github.com/huandu/facebook/v2
(Go)
May 24, 2024
silverstripe/framework may disclose database credentials during connection failure
Moderate
GHSA-m2hh-2m46-x6j5
was published
for
silverstripe/framework
(Composer)
May 28, 2024
Google Sheets data source plugin for Grafana information disclosure vulnerability
Moderate
CVE-2023-4457
was published
for
github.com/grafana/google-sheets-datasource
(Go)
Oct 16, 2023
Passbolt Api Retrieval of HTTP-only cookies
Low
GHSA-f5pp-pmq8-gp46
was published
for
passbolt/passbolt_api
(Composer)
May 20, 2024
Path Disclosure within joomla/filesystem class
Moderate
CVE-2022-23794
was published
for
joomla/filesystem
(Composer)
Mar 31, 2022
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote attacker to obtain...
Low
Unreviewed
CVE-2023-23474
was published
May 3, 2024
OpenStack Nova Server Resource Faults Leak External Exception Details
Moderate
CVE-2019-14433
was published
for
nova
(pip)
May 24, 2022
Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information
Moderate
CVE-2024-21733
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jan 19, 2024
Generation of Error Message Containing Sensitive Information in Keycloak
Low
CVE-2020-1717
was published
for
org.keycloak:keycloak-parent
(Maven)
Feb 9, 2022
Windows TCP/IP Information Disclosure Vulnerability
Moderate
Unreviewed
CVE-2024-21313
was published
Jan 9, 2024
User enumeration is found in PHPJabbers Event Booking Calendar v4.0. This issue occurs during...
Critical
Unreviewed
CVE-2023-40765
was published
Aug 28, 2023
Leakage of stack traces in remote access to backup & restore in earlier versions than ProSyst mBS...
Moderate
Unreviewed
CVE-2019-11602
was published
May 24, 2022
User enumeration is found in PHP Jabbers Restaurant Booking Script v3.0. This issue occurs during...
Critical
Unreviewed
CVE-2023-40759
was published
Aug 28, 2023
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
High
Unreviewed
CVE-2024-28939
was published
Apr 9, 2024
ProTip!
Advisories are also available from the
GraphQL API