GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
280 advisories
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive...
Severity: Moderate (Unreviewed). CVE-2023-43021 was published Dec 1, 2023

pimcore/admin-ui-classic-bundle Full Path Disclosure via re-export document
Severity: Moderate. CVE-2023-47636 was published for pimcore/admin-ui-classic-bundle (Composer) Nov 15, 2023

CodeIgniter4 vulnerable to information disclosure when detailed error report is displayed in production environment
Severity: High. CVE-2023-46240 was published for codeigniter4/framework (Composer) Oct 30, 2023

The response messages received from the eSOMS report generation using certain parameter queries...
Severity: Moderate (Unreviewed). CVE-2023-5514 was published Nov 1, 2023

Credential disclosure in the '/webs/userpasswd.htm' endpoint in Juplink RX4-1500 Wifi router...
Severity: High (Unreviewed). CVE-2023-41027 was published Sep 22, 2023

Apache Superset may expose internal traces on REST API endpoints
Severity: Moderate. CVE-2023-39264 was published for apache-superset (pip) Sep 6, 2023

Jenkins Folders Plugin information disclosure vulnerability
Severity: Moderate. CVE-2023-40338 was published for org.jenkins-ci.plugins:cloudbees-folder (Maven) Aug 16, 2023

Flask-AppBuilder vulnerable to possible disclosure of sensitive information on user error
Severity: Low. CVE-2023-34110 was published for Flask-AppBuilder (pip) Jun 22, 2023

league/oauth2-server key exposed in exception message when passing as a string and providing an invalid pass phrase
Severity: High. CVE-2023-37260 was published for league/oauth2-server (Composer) Jul 6, 2023

User account enumeration in Serenity
Severity: Moderate. CVE-2023-31286 was published for Serenity.Net.Core (NuGet) Apr 27, 2023

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker...
Severity: Moderate (Unreviewed). CVE-2021-1546 was published May 24, 2022

ghinstallation returns app JWT in error responses
Severity: Moderate. CVE-2022-39304 was published for github.com/bradleyfalzon/ghinstallation (Go) Dec 19, 2022

Diavante vue-storefront-api and storefront-api disclose stack trace
Severity: Moderate. CVE-2020-11883 was published for storefront-api (npm) May 24, 2022

Eclipse Jetty Server generates error message containing sensitive information
Severity: Moderate. CVE-2018-12536 was published for org.eclipse.jetty:jetty-server (Maven) Oct 19, 2018

Weblate user account enumeration via reset password form
Severity: Moderate. CVE-2017-5537 was published for weblate (pip) May 17, 2022

Insertion of Sensitive Information into Log File in typo3/cms-core
Severity: Moderate. CVE-2022-31047 was published for typo3/cms (Composer) Jun 17, 2022

Kirby CMS vulnerable to user enumeration in the brute force protection
Severity: Moderate. CVE-2022-39315 was published for getkirby/cms (Composer) Oct 18, 2022

Wildfly logs plaintext passwords
Severity: Moderate. CVE-2020-25640 was published for org.wildfly:wildfly-parent (Maven) Feb 15, 2022

Action Pack contains Information Disclosure / Unintended Method Execution vulnerability
Severity: High. CVE-2021-22885 was published for actionpack (RubyGems) May 5, 2021

A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517,...
Severity: High (Unreviewed). CVE-2021-26726 was published Feb 17, 2022

NocoDB information disclosure vulnerability
Severity: High. CVE-2022-2062 was published for nocodb (npm) Jun 14, 2022

Information Exposure Through an Error Message vulnerability in Hitachi RAID Manager Storage...
Severity: Moderate (Unreviewed). CVE-2022-34882 was published Sep 7, 2022

An issue was discovered in /goform/login_process in Reprise RLM 14.2. When an attacker attempts...
Severity: Moderate (Unreviewed). CVE-2021-44155 was published Dec 14, 2021

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2,...
Severity: Moderate (Unreviewed). CVE-2022-4770 was published Apr 3, 2023

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2,...
Severity: Moderate (Unreviewed). CVE-2022-4769 was published Apr 3, 2023
ProTip! Advisories are also available from the GraphQL API