Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,900
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

280 advisories

Loading
Valinor error messages leading to potential data exfiltration before v0.12.0 High
CVE-2022-31140 was published for cuyz/valinor (Composer) Jul 12, 2022
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could... Moderate Unreviewed
CVE-2021-39018 was published Jul 15, 2022
An Information Disclosure vulnerability exists in dhcms 2017-09-18 when entering invalid... Moderate Unreviewed
CVE-2020-19275 was published May 24, 2022
JSPUI's "Internal System Error" page prints exceptions and stack traces without sanitization Moderate
CVE-2022-31189 was published for org.dspace:dspace-jspui (Maven) Aug 6, 2022
Incorrect implementation of lockout feature in Keycloak High
CVE-2021-3513 was published for org.keycloak:keycloak-parent (Maven) Aug 23, 2022
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and... Moderate Unreviewed
CVE-2019-4484 was published May 24, 2022
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and... Moderate Unreviewed
CVE-2019-4485 was published May 24, 2022
Hitachi Energy LinkOne product, has a vulnerability due to a web server misconfiguration, that... Moderate Unreviewed
CVE-2021-40338 was published Jan 29, 2022
In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON... Low Unreviewed
CVE-2019-9455 was published May 24, 2022
RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x) and prior to 4.4 (in 4.2.x and... Moderate Unreviewed
CVE-2019-3730 was published May 24, 2022
Server metadata could be exposed because one of the error messages reflected the whole response... Moderate Unreviewed
CVE-2019-12156 was published May 24, 2022
In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the... Moderate Unreviewed
CVE-2022-2760 was published Sep 29, 2022
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed an... Moderate Unreviewed
CVE-2020-6438 was published May 24, 2022
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information... Moderate Unreviewed
CVE-2019-4729 was published May 24, 2022
Using XMLHttpRequest, an attacker could have identified installed applications by probing error... Moderate Unreviewed
CVE-2021-43542 was published Dec 9, 2021
A vulnerability has been identified in Desigo Insight (All versions). Some error messages in the... Moderate Unreviewed
CVE-2020-15794 was published May 24, 2022
IBM Security Directory Server 6.4.0 generates an error message that includes sensitive... Moderate Unreviewed
CVE-2019-4547 was published May 24, 2022
PackageKit provided detailed error messages to unprivileged callers that exposed information... Low Unreviewed
CVE-2020-16121 was published May 24, 2022
IBM Security Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote attacker to obtain... Moderate Unreviewed
CVE-2020-4846 was published May 24, 2022
The aptdaemon DBus interface disclosed file existence disclosure by setting Terminal... Low Unreviewed
CVE-2020-16128 was published May 24, 2022
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2,... Moderate Unreviewed
CVE-2020-4761 was published May 24, 2022
IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could... Moderate Unreviewed
CVE-2020-4897 was published May 24, 2022
IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a... Moderate Unreviewed
CVE-2020-4487 was published May 24, 2022
If exploited, this vulnerability could allow attackers to gain sensitive information via... Low Unreviewed
CVE-2020-2505 was published May 24, 2022
IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information... Moderate Unreviewed
CVE-2020-4842 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API