GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
43 advisories
Filter by severity
In SapphireIMS 4097_1, it is possible to guess the registered/active usernames of the software...
High
Unreviewed
CVE-2017-16629
was published
May 24, 2022
IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information...
High
Unreviewed
CVE-2021-29688
was published
May 24, 2022
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could allow a remote attacker to obtain...
High
Unreviewed
CVE-2021-20393
was published
May 24, 2022
IBM i2 iBase 8.9.13 could allow a remote attacker to obtain sensitive information when a detailed...
High
Unreviewed
CVE-2020-4584
was published
May 24, 2022
Shopware database password is leaked to an unauthenticated users
High
CVE-2020-13997
was published
for
shopware/core
(Composer)
May 24, 2022
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console could allow a remote...
High
Unreviewed
CVE-2019-4269
was published
May 24, 2022
Apache Ambari, version 2.5.0 to 2.6.2, passwords for Hadoop credential stores are exposed in...
High
Unreviewed
CVE-2018-8042
was published
May 13, 2022
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism...
High
Unreviewed
CVE-2018-17961
was published
May 13, 2022
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before...
High
Unreviewed
CVE-2019-9223
was published
May 13, 2022
IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 could allow a remote attacker to obtain...
High
Unreviewed
CVE-2021-39023
was published
May 7, 2022
In APache APISIX before 3.13.1, an attacker can obtain a plugin-configured secret via an error...
High
Unreviewed
CVE-2022-29266
was published
Apr 21, 2022
An attacker can gain knowledge of a session temporary working folder where the getfile and...
High
Unreviewed
CVE-2021-32937
was published
Apr 3, 2022
Generation of Error Message Containing Sensitive Information in microweber
High
CVE-2022-0660
was published
for
microweber/microweber
(Composer)
Feb 19, 2022
A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517,...
High
Unreviewed
CVE-2021-26726
was published
Feb 17, 2022
A Generation of Error Message Containing Sensitive Information vulnerability in the CLI of...
High
Unreviewed
CVE-2022-22162
was published
Jan 20, 2022
Action Pack contains Information Disclosure / Unintended Method Execution vulnerability
High
CVE-2021-22885
was published
for
actionpack
(RubyGems)
May 5, 2021
ApiKey secret could be revelated on network issue
High
CVE-2021-21421
was published
for
node-etsy-client
(npm)
Apr 6, 2021
Authorization header is not sanitized in an error object in auth0
High
CVE-2020-15125
was published
for
auth0
(npm)
Jul 29, 2020
ProTip!
Advisories are also available from the
GraphQL API