GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
208 advisories
In SAP HANA Extended Application Services, 1.0, an unauthenticated user could test if a given...
Moderate | Unreviewed | CVE-2018-2379 was published May 13, 2022

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism...
High | Unreviewed | CVE-2018-17961 was published May 13, 2022

Matera Banco 1.0.0 mishandles Java errors in the backend, as demonstrated by a stack trace...
Critical | Unreviewed | CVE-2018-14925 was published May 13, 2022

An issue was discovered in Joomla! Core before 3.8.8. The web install application would autofill...
Critical | Unreviewed | CVE-2018-11325 was published May 13, 2022

IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive information, including user...
Moderate | Unreviewed | CVE-2017-1370 was published May 13, 2022

In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3...
Moderate | Unreviewed | CVE-2018-10624 was published May 13, 2022

The GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0...
Critical | Unreviewed | CVE-2017-7945 was published May 13, 2022

In JForum 2.1.8, an unauthenticated, remote attacker can enumerate whether a user exists by using...
Moderate | Unreviewed | CVE-2019-7550 was published May 13, 2022

The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of...
Moderate | Unreviewed | CVE-2018-14907 was published May 13, 2022

Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP...
Moderate | Unreviewed | CVE-2010-3332 was published May 13, 2022

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before...
High | Unreviewed | CVE-2019-9223 was published May 13, 2022

IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 could allow a remote attacker to obtain...
High | Unreviewed | CVE-2021-39023 was published May 7, 2022

When handling a mismatched pre-authentication cookie, the application leaks the internal error...
Moderate | Unreviewed | CVE-2022-26070 was published May 7, 2022

The Mijosoft MijoSearch component 2.0.1 and earlier for Joomla! allows remote attackers to obtain...
Moderate | Unreviewed | CVE-2013-6879 was published May 5, 2022

A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0...
Moderate | Unreviewed | CVE-2021-43206 was published May 5, 2022

htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to...
Moderate | Unreviewed | CVE-2000-1191 was published Apr 30, 2022

An information disclosure vulnerability was discovered in glusterfs server. An attacker could...
Moderate | Unreviewed | CVE-2018-10913 was published Apr 30, 2022

In Apache APISIX before 3.13.1, an attacker can obtain a plugin-configured secret via an error...
High | Unreviewed | CVE-2022-29266 was published Apr 21, 2022

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0...
Moderate | Unreviewed | CVE-2021-39033 was published Apr 20, 2022

Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14...
Moderate | Unreviewed | CVE-2022-1120 was published Apr 5, 2022

An attacker can gain knowledge of a session temporary working folder where the getfile and...
High | Unreviewed | CVE-2021-32937 was published Apr 3, 2022

Sensitive information could be displayed when a detailed technical error message is posted. This...
Moderate | Unreviewed | CVE-2021-35251 was published Mar 11, 2022

An information disclosure in web interface in D-Link DIR-X1860 before 1.03 RevA1 allows a remote...
Moderate | Unreviewed | CVE-2021-46353 was published Mar 5, 2022

A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support....
Moderate | Unreviewed | CVE-2022-0563 was published Feb 22, 2022

A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517,...
High | Unreviewed | CVE-2021-26726 was published Feb 17, 2022

ProTip! Advisories are also available from the GraphQL API.