Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,170
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

988 advisories

Loading
Exposure of SSH credentials in Rancher/Fleet Low
GHSA-wm2r-rp98-8pmh was published for github.com/rancher/rancher (Go) Apr 27, 2022
Sensitive Data Exposure in loopback Low
GHSA-724c-6vrf-99rq was published for loopback (npm) Sep 2, 2020
Sensitive Data Exposure in put Low
GHSA-v6gv-fg46-h89j was published for put (npm) Sep 3, 2020
Potential sensitive data exposure in applications using Vaadin 15 Low
GHSA-76f4-fw33-6j2v was published for com.vaadin:vaadin-bom (Maven) Apr 19, 2021
knoobie
Information exposure via query strings in URL Low
GHSA-cq6h-w3mc-57f4 was published for shopware/core (Composer) Dec 21, 2020
datasette-graphql leaks details of the schema of private database files Low
GHSA-74hv-qjjq-h7g5 was published for datasette-graphql (pip) Nov 24, 2020
User (Encrypted) Password Field Being Serialised Low
GHSA-7fjp-g4m7-fx23 was published for pwweb/laravel-core (Composer) Apr 13, 2021
User enumeration in authentication mechanisms Low
GHSA-g2qj-pmxm-9f8f was published for symfony/security-http (Composer) May 17, 2021
User enumeration in authentication mechanisms Low
GHSA-2frx-j9hj-6c65 was published for lexik/jwt-authentication-bundle (Composer) May 17, 2021
mbrodala chalasr
rest-client allows local users to obtain sensitive information by reading the log Low
CVE-2015-3448 was published for rest-client (RubyGems) Oct 24, 2017
In createAdminSupportIntent of DevicePolicyManagerService.java, there is a possible way to... Low Unreviewed
CVE-2021-0983 was published Dec 16, 2021
Linux kernel 2.6.33 and 2.6.34.y does not initialize the kvm_vcpu_events->interrupt.pad structure... Low Unreviewed
CVE-2010-4525 was published May 17, 2022
HP Asset Manager 9.40 and 9.41 before 9.41.11103 P4-rev1 and 9.50 before 9.50.11925 P3 allows... Low Unreviewed
CVE-2015-5448 was published May 17, 2022
The Citibank Citi Mobile app before 2.0.3 for iOS stores account data in a file, which allows... Low Unreviewed
CVE-2010-2913 was published May 17, 2022
Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2... Low Unreviewed
CVE-2015-4537 was published May 17, 2022
bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain... Low Unreviewed
CVE-2015-3778 was published May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Oracle MySQL Connectors Java Low
CVE-2017-3589 was published for mysql:mysql-connector-java (Maven) May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in JBoss Fuse Low
CVE-2014-0085 was published for org.jboss.fuse:jboss-fuse (Maven) May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins-mailer-plugin Low
CVE-2017-2651 was published for org.jenkins-ci.plugins:mailer (Maven) May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Low
CVE-2017-2603 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat Low
CVE-2013-2071 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
Exposure of Sensitive Information in Find My Mobile prior to version 7.2.25.14 allows local... Low Unreviewed
CVE-2022-36878 was published Sep 10, 2022
Improper Access Control vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.10.0... Low Unreviewed
CVE-2020-7262 was published May 24, 2022
Tailscale daemon is vulnerable to information disclosure via CSRF Low
CVE-2022-41925 was published for tailscale.com/cmd (Go) Nov 21, 2022
emilytrau JJJollyjim
IBM Cloud Pak System 2.3 could allow a local user in some situations to view the artifacts of... Low Unreviewed
CVE-2021-20478 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database