Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

288 advisories

Loading
Liferay Portal and Liferay DXP vulnerable to store Cross-site Scripting Moderate
CVE-2025-43776 was published for com.liferay.portal:release.dxp.bom (Maven) Sep 9, 2025
Liferay Portal exposes 500 status when attempting login with a deleted client secret Moderate
CVE-2025-43777 was published for com.liferay:com.liferay.portal.security.sso.openid.connect.impl (Maven) Sep 9, 2025
TYPO3 CMS exposes sensitive information in an error message Moderate
CVE-2025-59016 was published for typo3/cms-core (Composer) Sep 9, 2025
Generation of error message containing sensitive information in Windows Kernel allows an... Moderate Unreviewed
CVE-2025-53803 was published Sep 9, 2025
In writeContent of RemotePrintDocument.java, there is a possible information disclosure due to a... Moderate Unreviewed
CVE-2025-48562 was published Sep 4, 2025
OMERO.web displays unecessary user information when requesting password reset Moderate
CVE-2025-54791 was published for omero-web (pip) Aug 13, 2025
Information disclosure vulnerability in error handling in MiR software prior to version 3.0.0... Moderate Unreviewed
CVE-2025-9229 was published Aug 20, 2025
HCL BigFix SaaS Authentication Service is affected by a sensitive information disclosure. Under... Moderate Unreviewed
CVE-2025-52619 was published Aug 16, 2025
A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >=... Moderate Unreviewed
CVE-2024-41983 was published Aug 12, 2025
loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the... Moderate Unreviewed
CVE-2025-47813 was published Jul 10, 2025
IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a remote attacker to obtain... Moderate Unreviewed
CVE-2024-37524 was published Jul 10, 2025
IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a remote attacker to obtain... Moderate Unreviewed
CVE-2025-36090 was published Jul 10, 2025
Generation of Error Message Containing Sensitive Information in Elasticsearch Moderate
CVE-2021-22145 was published for org.elasticsearch.client:elasticsearch-rest-client (Maven) May 24, 2022
Improper error handling vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter.... Moderate Unreviewed
CVE-2025-40718 was published Jul 8, 2025
Infinispan CLI vulnerable to Generation of Error Message Containing Sensitive Information Moderate
CVE-2025-5731 was published for org.infinispan:infinispan-cli-client (Maven) Jun 27, 2025
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support.... Moderate Unreviewed
CVE-2022-0563 was published Feb 22, 2022
Jackson-core Vulnerable to Memory Disclosure via Source Snippet in JsonLocation Moderate
CVE-2025-49128 was published for com.fasterxml.jackson.core:jackson-core (Maven) Jun 7, 2025
lucasdrufva gwittel
Argo CD does not scrub secret values from patch errors Moderate
CVE-2025-23216 was published for github.com/argoproj/argo-cd (Go) Jan 30, 2025
svghadi
IBM Verify Identity Access Digital Credentials 24.06 could allow a remote attacker to obtain... Moderate Unreviewed
CVE-2024-56342 was published Jun 6, 2025
Liferay Portal and Liferay DXP Reveals Data via Overly Verbose Error Messages Moderate
CVE-2021-29040 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
IBM Security Guardium 12.0 could allow a remote attacker to obtain sensitive information when a... Moderate Unreviewed
CVE-2025-25025 was published May 28, 2025
User enumeration vulnerability in M3M Printer Server Web. This issue occurs during user... Moderate Unreviewed
CVE-2025-40653 was published May 26, 2025
Mailform Pro CGI prior to 4.3.4 generates error messages containing sensitive information, which... Moderate Unreviewed
CVE-2025-41441 was published May 26, 2025
In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the... Moderate Unreviewed
CVE-2022-2760 was published Sep 29, 2022
An administrator could discover another account's credentials. Moderate Unreviewed
CVE-2025-46746 was published May 12, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database