Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

406 advisories

Loading
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product... Moderate Unreviewed
CVE-2024-21866 was published Feb 2, 2024
In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3... Moderate Unreviewed
CVE-2018-10624 was published May 13, 2022
A Missing Authentication for Critical Function vulnerability combined with a Generation of Error... Moderate Unreviewed
CVE-2024-21619 was published Jan 26, 2024
Generation of Error Message Containing Sensitive Information vulnerability in Hitachi Device... Moderate Unreviewed
CVE-2023-49107 was published Jan 16, 2024
HCL Launch could allow a remote attacker to obtain sensitive information when a detailed... Moderate Unreviewed
CVE-2023-45701 was published Dec 28, 2023
ONTAP Mediator versions prior to 1.7 are susceptible to a vulnerability that can allow an... Moderate Unreviewed
CVE-2023-27319 was published Dec 22, 2023
IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to obtain sensitive... Moderate Unreviewed
CVE-2023-47703 was published Dec 20, 2023
IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2... Moderate Unreviewed
CVE-2023-42013 was published Dec 20, 2023
Due to improper error handling, a REST API resource could expose a server side error containing... Moderate Unreviewed
CVE-2023-6839 was published Dec 15, 2023
Kaifa Technology WebITR is an online attendance system. A remote attacker with regular user... Moderate Unreviewed
CVE-2023-48393 was published Dec 15, 2023
IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a... Moderate Unreviewed
CVE-2023-49878 was published Dec 13, 2023
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive... Moderate Unreviewed
CVE-2023-43021 was published Dec 1, 2023
pimcore/admin-ui-classic-bundle Full Path Disclosure via re-export document Moderate
CVE-2023-47636 was published for pimcore/admin-ui-classic-bundle (Composer) Nov 15, 2023
xcapri
CodeIgniter4 vulnerable to information disclosure when detailed error report is displayed in production environment High
CVE-2023-46240 was published for codeigniter4/framework (Composer) Oct 30, 2023
psuet
The response messages received from the eSOMS report generation using certain parameter queries... Moderate Unreviewed
CVE-2023-5514 was published Nov 1, 2023
Credential disclosure in the '/webs/userpasswd.htm' endpoint in Juplink RX4-1500 Wifi router... High Unreviewed
CVE-2023-41027 was published Sep 22, 2023
Apache Superset may expose internal traces on REST API endpoints Moderate
CVE-2023-39264 was published for apache-superset (pip) Sep 6, 2023
Jenkins Folders Plugin information disclosure vulnerability Moderate
CVE-2023-40338 was published for org.jenkins-ci.plugins:cloudbees-folder (Maven) Aug 16, 2023
league/oauth2-server key exposed in exception message when passing as a string and providing an invalid pass phrase High
CVE-2023-37260 was published for league/oauth2-server (Composer) Jul 6, 2023
MHC03 christianmeller
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker... Moderate Unreviewed
CVE-2021-1546 was published May 24, 2022
ghinstallation returns app JWT in error responses Moderate
CVE-2022-39304 was published for github.com/bradleyfalzon/ghinstallation (Go) Dec 19, 2022
Miskerest
Diavante vue-storefront-api and storefront-api disclose stack trace Moderate
CVE-2020-11883 was published for storefront-api (npm) May 24, 2022
Eclipse Jetty Server generates error message containing sensitive information Moderate
CVE-2018-12536 was published for org.eclipse.jetty:jetty-server (Maven) Oct 19, 2018
joshbressers
Insertion of Sensitive Information into Log File in typo3/cms-core Moderate
CVE-2022-31047 was published for typo3/cms (Composer) Jun 17, 2022
mhuber84 derhansen
Kirby CMS vulnerable to user enumeration in the brute force protection Moderate
CVE-2022-39315 was published for getkirby/cms (Composer) Oct 18, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database