Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,900
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

280 advisories

Loading
Insertion of Sensitive Information into Log File in typo3/cms-core Moderate
CVE-2022-31047 was published for typo3/cms (Composer) Jun 17, 2022
mhuber84 derhansen
NocoDB information disclosure vulnerability High
CVE-2022-2062 was published for nocodb (npm) Jun 14, 2022
Dev error stack trace leaking into prod in Play Framework Moderate
CVE-2022-31023 was published for com.typesafe.play:play_2.12 (Maven) Jun 3, 2022
BillyAutrey gmethvin
dontgitit
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is... Moderate Unreviewed
CVE-2022-26973 was published Jun 3, 2022
Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure... Moderate Unreviewed
CVE-2020-27015 was published May 24, 2022
IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 reveals sensitive information from a stack trace... Moderate Unreviewed
CVE-2019-4377 was published May 24, 2022
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain... Moderate Unreviewed
CVE-2021-38981 was published May 24, 2022
A vulnerability in the web-based dashboard of Cisco Umbrella could allow an authenticated, remote... Moderate Unreviewed
CVE-2021-40126 was published May 24, 2022
/way4acs/enroll in OpenWay WAY4 ACS before 1.2.278-2693 allows unauthenticated attackers to... Moderate Unreviewed
CVE-2021-35060 was published May 24, 2022
IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain... Moderate Unreviewed
CVE-2021-20552 was published May 24, 2022
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker... Moderate Unreviewed
CVE-2021-1546 was published May 24, 2022
IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information when a... Moderate Unreviewed
CVE-2021-20377 was published May 24, 2022
IBM Edge 4.2 could reveal sensitive version information about the server from error pages that... Moderate Unreviewed
CVE-2020-4941 was published May 24, 2022
IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote attacker to obtain... Moderate Unreviewed
CVE-2021-20485 was published May 24, 2022
IBM Security Secret Server up to 11.0 could allow a remote attacker to obtain sensitive... Moderate Unreviewed
CVE-2021-20508 was published May 24, 2022
The public share controller in the ownCloud server before version 10.8.0 allows a remote attacker... Moderate Unreviewed
CVE-2021-35947 was published May 24, 2022
In Apache Ofbiz, versions v17.12.01 to v17.12.07 implement a try catch exception to handle errors... High Unreviewed
CVE-2021-25958 was published May 24, 2022
A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private... Moderate Unreviewed
CVE-2021-22249 was published May 24, 2022
In SapphireIMS 4097_1, it is possible to guess the registered/active usernames of the software... High Unreviewed
CVE-2017-16629 was published May 24, 2022
IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 could allow a remote attacker to obtain... Moderate Unreviewed
CVE-2021-29767 was published May 24, 2022
IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote... Moderate Unreviewed
CVE-2021-29766 was published May 24, 2022
IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote... Moderate Unreviewed
CVE-2021-20430 was published May 24, 2022
IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote attacker to obtain sensitive... Moderate Unreviewed
CVE-2021-29784 was published May 24, 2022
Generation of Error Message Containing Sensitive Information in Elasticsearch Moderate
CVE-2021-22145 was published for org.elasticsearch.client:elasticsearch-rest-client (Maven) May 24, 2022
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive... Moderate Unreviewed
CVE-2021-20523 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API