Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

406 advisories

Loading
Wildfly logs plaintext passwords Moderate
CVE-2020-25640 was published for org.wildfly:wildfly-parent (Maven) Feb 15, 2022
Action Pack contains Information Disclosure / Unintended Method Execution vulnerability High
CVE-2021-22885 was published for actionpack (RubyGems) May 5, 2021
A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517,... High Unreviewed
CVE-2021-26726 was published Feb 17, 2022
NocoDB information disclosure vulnerability High
CVE-2022-2062 was published for nocodb (npm) Jun 14, 2022
Information Exposure Through an Error Message vulnerability in Hitachi RAID Manager Storage... Moderate Unreviewed
CVE-2022-34882 was published Sep 7, 2022
An issue was discovered in /goform/login_process in Reprise RLM 14.2. When an attacker attempts... Moderate Unreviewed
CVE-2021-44155 was published Dec 14, 2021
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2,... Moderate Unreviewed
CVE-2022-4770 was published Apr 3, 2023
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2,... Moderate Unreviewed
CVE-2022-4769 was published Apr 3, 2023
SpiceDB binding metrics port to untrusted networks and can leak command-line flags High
CVE-2023-29193 was published for github.com/authzed/spicedb (Go) Apr 13, 2023
amit-laish
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an... Moderate Unreviewed
CVE-2023-25687 was published Mar 21, 2023
Sentry SDK leaks sensitive session information when `sendDefaultPII` is set to `True` High
CVE-2023-28117 was published for sentry-sdk (pip) Mar 21, 2023
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.7... High Unreviewed
CVE-2020-5026 was published Mar 2, 2023
katello SQL Injection vulnerability Moderate
CVE-2018-14623 was published for katello (RubyGems) May 13, 2022
Apache Airflow AWS Provider Generates Error Message Containing Sensitive Information High
CVE-2023-25956 was published for apache-airflow-providers-amazon (pip) Feb 24, 2023
Saleor has Staff-Authenticated Error Message Information Disclosure Vulnerability via Python Exceptions Moderate
CVE-2023-26051 was published for Saleor (pip) Mar 3, 2023
Saleor Unauthenticated Information Disclosure Vulnerability via Python Exceptions Low
CVE-2023-26052 was published for saleor (pip) Mar 2, 2023
SonicWall Email Security contains a vulnerability that could permit a remote unauthenticated... Moderate Unreviewed
CVE-2023-0655 was published Feb 14, 2023
Wyse Management Suite Repository 3.8 and below contain an information disclosure vulnerability. A... Moderate Unreviewed
CVE-2022-46675 was published Feb 11, 2023
389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks... Critical Unreviewed
CVE-2017-7551 was published May 14, 2022
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console could allow a remote... High Unreviewed
CVE-2019-4269 was published May 24, 2022
IBM InfoSphere Information Server 11.5 and 11.7 is affected by an information disclosure... Moderate Unreviewed
CVE-2019-4257 was published May 24, 2022
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 generates an error message that... Moderate Unreviewed
CVE-2019-4219 was published May 24, 2022
An information disclosure in web interface in D-Link DIR-X1860 before 1.03 RevA1 allows a remote... Moderate Unreviewed
CVE-2021-46353 was published Mar 5, 2022
Generation of Error Message Containing Sensitive Information in microweber High
CVE-2022-0660 was published for microweber/microweber (Composer) Feb 19, 2022
Generation of Error Message Containing Sensitive Information in Snipe-IT Moderate
CVE-2022-0622 was published for snipe/snipe-it (Composer) Feb 18, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database