Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,760
NuGet
678
pip
3,446
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

232 advisories

Loading
IBM Security Verify Governance, Identity Manager 10.01 could allow a remote attacker to obtain... Moderate Unreviewed
CVE-2022-22449 was published Dec 24, 2022
When importing resources using Web Workers, error messages would distinguish the difference... Moderate Unreviewed
CVE-2022-22760 was published Dec 22, 2022
ghinstallation returns app JWT in error responses Moderate
CVE-2022-39304 was published for github.com/bradleyfalzon/ghinstallation (Go) Dec 19, 2022
Miskerest
The application allowed for Unauthenticated User Enumeration by interacting with an unsecured... Moderate Unreviewed
CVE-2022-40292 was published Nov 1, 2022
In affected versions of Octopus Server it is possible to reveal the existence of resources in a... Moderate Unreviewed
CVE-2022-2508 was published Oct 27, 2022
Sensitive information could be displayed when a detailed technical error message is posted. This... Moderate Unreviewed
CVE-2022-38107 was published Oct 20, 2022
Kirby CMS vulnerable to user enumeration in the brute force protection Moderate
CVE-2022-39315 was published for getkirby/cms (Composer) Oct 18, 2022
In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the... Moderate Unreviewed
CVE-2022-2760 was published Sep 29, 2022
Information Exposure Through an Error Message vulnerability in Hitachi RAID Manager Storage... Moderate Unreviewed
CVE-2022-34882 was published Sep 7, 2022
IBM Sterling File Gateway 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6... Moderate Unreviewed
CVE-2021-39086 was published Aug 17, 2022
JSPUI's "Internal System Error" page prints exceptions and stack traces without sanitization Moderate
CVE-2022-31189 was published for org.dspace:dspace-jspui (Maven) Aug 6, 2022
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could... Moderate Unreviewed
CVE-2021-39018 was published Jul 15, 2022
Possible leak of key's raw field if declared length is incorrect Moderate
CVE-2022-31124 was published for openssh-key-parser (pip) Jul 6, 2022
mike-arnica
Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information... Moderate Unreviewed
CVE-2022-31229 was published Jun 29, 2022
Insertion of Sensitive Information into Log File in typo3/cms-core Moderate
CVE-2022-31047 was published for typo3/cms (Composer) Jun 17, 2022
mhuber84 derhansen
Dev error stack trace leaking into prod in Play Framework Moderate
CVE-2022-31023 was published for com.typesafe.play:play_2.12 (Maven) Jun 3, 2022
BillyAutrey gmethvin
dontgitit
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is... Moderate Unreviewed
CVE-2022-26973 was published Jun 3, 2022
Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure... Moderate Unreviewed
CVE-2020-27015 was published May 24, 2022
IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 reveals sensitive information from a stack trace... Moderate Unreviewed
CVE-2019-4377 was published May 24, 2022
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain... Moderate Unreviewed
CVE-2021-38981 was published May 24, 2022
A vulnerability in the web-based dashboard of Cisco Umbrella could allow an authenticated, remote... Moderate Unreviewed
CVE-2021-40126 was published May 24, 2022
/way4acs/enroll in OpenWay WAY4 ACS before 1.2.278-2693 allows unauthenticated attackers to... Moderate Unreviewed
CVE-2021-35060 was published May 24, 2022
IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain... Moderate Unreviewed
CVE-2021-20552 was published May 24, 2022
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker... Moderate Unreviewed
CVE-2021-1546 was published May 24, 2022
IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information when a... Moderate Unreviewed
CVE-2021-20377 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database