Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,168
Erlang
30
GitHub Actions
19
Go
1,975
Maven
5,000+
npm
3,698
NuGet
654
pip
3,314
Pub
11
RubyGems
882
Rust
831
Swift
35
Unreviewed advisories
All unreviewed
5,000+

731 advisories

Loading
Sensitive Data Exposure in sequelize-cli Low
GHSA-3xc7-xg67-pw99 was published for sequelize-cli (npm) Jun 5, 2019
Log injection in SimpleSAMLphp Low
CVE-2020-5225 was published for simplesamlphp/simplesamlphp (Composer) Jan 24, 2020
Potential unauthorized access to stored request & session data when plugin is misconfigured in October CMS Debugbar Moderate
CVE-2020-11094 was published for rainlab/debugbar-plugin (Composer) Jun 3, 2020
vogon101
Information Exposure in cordova-android High
CVE-2016-6799 was published for cordova-android (npm) Sep 11, 2020
Helm OCI credentials leaked into Argo CD logs Moderate
GHSA-6w87-g839-9wv7 was published for github.com/argoproj/argo-cd (Go) May 21, 2021
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.856 through 0.9.8.864 allows an attacker to... Moderate Unreviewed
CVE-2019-14782 was published May 24, 2022
Shopware's log module vulnerable to Improper Output Neutralization Low
CVE-2023-22733 was published for shopware/core (Composer) Jan 20, 2023
Insertion of Sensitive Information into Log File in ansible Moderate
CVE-2021-20180 was published for ansible (pip) Mar 17, 2022
KamilaBorowska
In CMDBuild from version 3.0 to 3.3.2 payload requests are saved in a temporary log table, which... Moderate Unreviewed
CVE-2022-25518 was published Mar 24, 2022
Insertion of Sensitive Information into Log File in Jupyter notebook High
CVE-2022-24757 was published for jupyter-server (pip) Mar 25, 2022
3coins
Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read application... High Unreviewed
CVE-2021-38283 was published Nov 30, 2021
In ArrayMap, there is a possible leak of the content of SMS messages due to log information... Low Unreviewed
CVE-2021-39739 was published Mar 31, 2022
TPCMS v3.2 allows attackers to access the ThinkPHP log directory and obtain sensitive information... High Unreviewed
CVE-2022-27442 was published Apr 5, 2022
Sensitive Auth & Cookie data stored in Jupyter server logs High
CVE-2022-24758 was published for notebook (pip) Apr 5, 2022
3coins
An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker can... High Unreviewed
CVE-2021-45103 was published Apr 7, 2022
Missing sanitization of logged exception messages in all versions prior to 14.7.7, 14.8 prior to... Low Unreviewed
CVE-2022-1157 was published Apr 12, 2022
Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be... Moderate Unreviewed
CVE-2022-28774 was published May 12, 2022
Exposure of Sensitive Information in FaqSymptomCardViewModel in Samsung Members prior to versions... Low Unreviewed
CVE-2022-36877 was published Sep 10, 2022
Insertion of Sensitive Information into Log File in Elasticsearch Moderate
CVE-2020-7021 was published for org.elasticsearch:elasticsearch (Maven) May 24, 2022
Insertion of Sensitive Information into Log File in Jenkins Mask Passwords Plugin Moderate
CVE-2019-10370 was published for org.jenkins-ci.plugins:mask-passwords (Maven) May 24, 2022
In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an... Moderate Unreviewed
CVE-2019-15508 was published May 24, 2022
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway... Moderate Unreviewed
CVE-2022-20807 was published May 28, 2022
In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an... Moderate Unreviewed
CVE-2019-15507 was published May 24, 2022
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway... Moderate Unreviewed
CVE-2022-20809 was published May 27, 2022
Exposure of Sensitive Information in Gradle publish plugin Moderate
CVE-2020-7599 was published for com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin (Maven) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database