Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,900
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

280 advisories

Loading
In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3... Moderate Unreviewed
CVE-2018-10624 was published May 13, 2022
katello SQL Injection vulnerability Moderate
CVE-2018-14623 was published for katello (RubyGems) May 13, 2022
The GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0... Critical Unreviewed
CVE-2017-7945 was published May 13, 2022
In JForum 2.1.8, an unauthenticated, remote attacker can enumerate whether a user exists by using... Moderate Unreviewed
CVE-2019-7550 was published May 13, 2022
The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of... Moderate Unreviewed
CVE-2018-14907 was published May 13, 2022
Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP... Moderate Unreviewed
CVE-2010-3332 was published May 13, 2022
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before... High Unreviewed
CVE-2019-9223 was published May 13, 2022
IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 could allow a remote attacker to obtain... High Unreviewed
CVE-2021-39023 was published May 7, 2022
When handling a mismatched pre-authentication cookie, the application leaks the internal error... Moderate Unreviewed
CVE-2022-26070 was published May 7, 2022
The Mijosoft MijoSearch component 2.0.1 and earlier for Joomla! allows remote attackers to obtain... Moderate Unreviewed
CVE-2013-6879 was published May 5, 2022
A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0... Moderate Unreviewed
CVE-2021-43206 was published May 5, 2022
htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to... Moderate Unreviewed
CVE-2000-1191 was published Apr 30, 2022
An information disclosure vulnerability was discovered in glusterfs server. An attacker could... Moderate Unreviewed
CVE-2018-10913 was published Apr 30, 2022
In APache APISIX before 3.13.1, an attacker can obtain a plugin-configured secret via an error... High Unreviewed
CVE-2022-29266 was published Apr 21, 2022
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0... Moderate Unreviewed
CVE-2021-39033 was published Apr 20, 2022
Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14... Moderate Unreviewed
CVE-2022-1120 was published Apr 5, 2022
An attacker can gain knowledge of a session temporary working folder where the getfile and... High Unreviewed
CVE-2021-32937 was published Apr 3, 2022
Path Disclosure within joomla/filesystem class Moderate
CVE-2022-23794 was published for joomla/filesystem (Composer) Mar 31, 2022
Path traversal allows leaking out-of-bound files from Argo CD repo-server Moderate
CVE-2022-24731 was published for github.com/argoproj/argo-cd (Go) Mar 24, 2022
alexmt
Sensitive information could be displayed when a detailed technical error message is posted. This... Moderate Unreviewed
CVE-2021-35251 was published Mar 11, 2022
An information disclosure in web interface in D-Link DIR-X1860 before 1.03 RevA1 allows a remote... Moderate Unreviewed
CVE-2021-46353 was published Mar 5, 2022
Ansible discloses sensitive information in traceback error message Moderate
CVE-2021-3620 was published for ansible (pip) Mar 4, 2022
jhutchings1
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support.... Moderate Unreviewed
CVE-2022-0563 was published Feb 22, 2022
Generation of Error Message Containing Sensitive Information in microweber High
CVE-2022-0660 was published for microweber/microweber (Composer) Feb 19, 2022
Generation of Error Message Containing Sensitive Information in Snipe-IT Moderate
CVE-2022-0622 was published for snipe/snipe-it (Composer) Feb 18, 2022
ProTip! Advisories are also available from the GraphQL API