Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

280 advisories

Loading
e-Excellence U-Office Force generates an error message in webiste service. An unauthenticated... Moderate Unreviewed
CVE-2023-32755 was published Aug 25, 2023
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a remote attacker to obtain system... Moderate Unreviewed
CVE-2023-35009 was published Aug 17, 2023
Jenkins Folders Plugin information disclosure vulnerability Moderate
CVE-2023-40338 was published for org.jenkins-ci.plugins:cloudbees-folder (Maven) Aug 16, 2023
Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability when using... Moderate Unreviewed
CVE-2023-31429 was published Aug 1, 2023
IBM TRIRIGA 3.0, 4.0, and 4.4 could allow a remote attacker to obtain sensitive information when... Moderate Unreviewed
CVE-2020-4868 was published Jul 31, 2023
Server information leak of configuration data when an error is generated in response to a... High Unreviewed
CVE-2023-25948 was published Jul 13, 2023
league/oauth2-server key exposed in exception message when passing as a string and providing an invalid pass phrase High
CVE-2023-37260 was published for league/oauth2-server (Composer) Jul 6, 2023
MHC03 christianmeller
MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can... High Unreviewed
CVE-2023-37306 was published Jun 30, 2023
Flask-AppBuilder vulnerable to possible disclosure of sensitive information on user error Low
CVE-2023-34110 was published for Flask-AppBuilder (pip) Jun 22, 2023
msegoviag
In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the... Low Unreviewed
CVE-2023-34339 was published Jun 1, 2023
IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when... Moderate Unreviewed
CVE-2023-28514 was published May 19, 2023
In affected versions of Octopus Deploy it is possible to discover network details via error message Moderate Unreviewed
CVE-2022-4870 was published May 18, 2023
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose sensitive information in an error... Moderate Unreviewed
CVE-2023-27860 was published Apr 27, 2023
User account enumeration in Serenity Moderate
CVE-2023-31286 was published for Serenity.Net.Core (NuGet) Apr 27, 2023
SpiceDB binding metrics port to untrusted networks and can leak command-line flags High
CVE-2023-29193 was published for github.com/authzed/spicedb (Go) Apr 13, 2023
amit-laish
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2,... Moderate Unreviewed
CVE-2022-4769 was published Apr 3, 2023
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2,... Moderate Unreviewed
CVE-2022-4770 was published Apr 3, 2023
Sentry SDK leaks sensitive session information when `sendDefaultPII` is set to `True` High
CVE-2023-28117 was published for sentry-sdk (pip) Mar 21, 2023
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an... Moderate Unreviewed
CVE-2023-25687 was published Mar 21, 2023
Sensitive Information in Error Messages in Apache Airflow Moderate
CVE-2023-25695 was published for apache-airflow (pip) Mar 15, 2023
Saleor has Staff-Authenticated Error Message Information Disclosure Vulnerability via Python Exceptions Moderate
CVE-2023-26051 was published for Saleor (pip) Mar 3, 2023
Saleor Unauthenticated Information Disclosure Vulnerability via Python Exceptions Low
CVE-2023-26052 was published for saleor (pip) Mar 2, 2023
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.7... High Unreviewed
CVE-2020-5026 was published Mar 2, 2023
Apache Airflow AWS Provider Generates Error Message Containing Sensitive Information High
CVE-2023-25956 was published for apache-airflow-providers-amazon (pip) Feb 24, 2023
SonicWall Email Security contains a vulnerability that could permit a remote unauthenticated... Moderate Unreviewed
CVE-2023-0655 was published Feb 14, 2023
ProTip! Advisories are also available from the GraphQL API