GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
280 advisories
Pydio Cells before 1.5.0, when supplied with a Name field in an unexpected Unicode format, fails...
Moderate | Unreviewed | CVE-2019-12903 was published May 24, 2022

PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x...
Moderate | Unreviewed | CVE-2014-8161 was published May 17, 2022

The Mijosoft MijoSearch component 2.0.1 and earlier for Joomla! allows remote attackers to obtain...
Moderate | Unreviewed | CVE-2013-6879 was published May 5, 2022

An issue was discovered in SmartClient 12.0. If an unauthenticated attacker makes a POST request...
Moderate | Unreviewed | CVE-2020-9351 was published May 24, 2022

IBM Security Verify Directory 10.0.0 could allow a remote attacker to obtain sensitive...
Low | Unreviewed | CVE-2022-32756 was published Mar 22, 2024

** DISPUTED ** A full path disclosure vulnerability was discovered in Matomo v3.9.1 where a user...
Moderate | Unreviewed | CVE-2019-12215 was published May 24, 2022

FrameworkUserBundle Generates Error Message Containing Sensitive Information
High | CVE-2015-10012 was published for sumocoders/framework-user-bundle (Composer) Jan 3, 2023

A vulnerability was found in Nway Pro 9. It has been rated as problematic. Affected by this issue...
Moderate | Unreviewed | CVE-2024-2009 was published Feb 29, 2024

An email address enumeration vulnerability exists in the password reset function of SEO Panel...
Moderate | Unreviewed | CVE-2024-22646 was published Jan 30, 2024

Exceptions displayed in non-debug configurations in Symfony
Moderate | CVE-2020-5274 was published for symfony/error-handler (Composer) Mar 30, 2020

@backstage/backend-app-api leaks GitLab access tokens
High | CVE-2023-6944 was published for @backstage/backend-app-api (npm) Jan 4, 2024

In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product...
Moderate | Unreviewed | CVE-2024-21866 was published Feb 2, 2024

In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3...
Moderate | Unreviewed | CVE-2018-10624 was published May 13, 2022

Exposure of sensitive information in ClickHouse
High | CVE-2024-23689 was published for com.clickhouse:clickhouse-client (Maven) Jan 19, 2024

A Missing Authentication for Critical Function vulnerability combined with a Generation of Error...
Moderate | Unreviewed | CVE-2024-21619 was published Jan 26, 2024

Generation of Error Message Containing Sensitive Information vulnerability in Hitachi Device...
Moderate | Unreviewed | CVE-2023-49107 was published Jan 16, 2024

A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support....
Moderate | Unreviewed | CVE-2022-0563 was published Feb 22, 2022

HCL Launch could allow a remote attacker to obtain sensitive information when a detailed...
Moderate | Unreviewed | CVE-2023-45701 was published Dec 28, 2023

ONTAP Mediator versions prior to 1.7 are susceptible to a vulnerability that can allow an...
Moderate | Unreviewed | CVE-2023-27319 was published Dec 22, 2023

IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to obtain sensitive...
Moderate | Unreviewed | CVE-2023-47703 was published Dec 20, 2023

IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2...
Moderate | Unreviewed | CVE-2023-42013 was published Dec 20, 2023

Due to improper error handling, a REST API resource could expose a server side error containing...
Moderate | Unreviewed | CVE-2023-6839 was published Dec 15, 2023

Kaifa Technology WebITR is an online attendance system. A remote attacker with regular user...
Moderate | Unreviewed | CVE-2023-48393 was published Dec 15, 2023

jupyter-server errors include tracebacks with path information
Moderate | CVE-2023-49080 was published for jupyter-server (pip) Dec 5, 2023

IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a...
Moderate | Unreviewed | CVE-2023-49878 was published Dec 13, 2023