Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,300
Erlang
31
GitHub Actions
21
Go
2,069
Maven
5,000+
npm
3,744
NuGet
668
pip
3,429
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+

49 advisories

Loading
NocoDB information disclosure vulnerability High
CVE-2022-2062 was published for nocodb (npm) Jun 14, 2022
A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517,... High Unreviewed
CVE-2021-26726 was published Feb 17, 2022
Action Pack contains Information Disclosure / Unintended Method Execution vulnerability High
CVE-2021-22885 was published for actionpack (RubyGems) May 5, 2021
league/oauth2-server key exposed in exception message when passing as a string and providing an invalid pass phrase High
CVE-2023-37260 was published for league/oauth2-server (Composer) Jul 6, 2023
MHC03 christianmeller
Credential disclosure in the '/webs/userpasswd.htm' endpoint in Juplink RX4-1500 Wifi router... High Unreviewed
CVE-2023-41027 was published Sep 22, 2023
CodeIgniter4 vulnerable to information disclosure when detailed error report is displayed in production environment High
CVE-2023-46240 was published for codeigniter4/framework (Composer) Oct 30, 2023
psuet
Exposure of sensitive information in ClickHouse High
CVE-2024-23689 was published for com.clickhouse:clickhouse-client (Maven) Jan 19, 2024
@backstage/backend-app-api leaks GitLab access tokens High
CVE-2023-6944 was published for @backstage/backend-app-api (npm) Jan 4, 2024
FrameworkUserBundle Generates Error Message Containing Sensitive Information High
CVE-2015-10012 was published for sumocoders/framework-user-bundle (Composer) Jan 3, 2023
MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can... High Unreviewed
CVE-2023-37306 was published Jun 30, 2023
Server information leak of configuration data when an error is generated in response to a... High Unreviewed
CVE-2023-25948 was published Jul 13, 2023
IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote attacker to obtain... High Unreviewed
CVE-2023-33835 was published Aug 31, 2023
.NET Framework Information Disclosure Vulnerability High Unreviewed
CVE-2024-29059 was published Mar 23, 2024
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability High Unreviewed
CVE-2024-28939 was published Apr 9, 2024
Shopware database password is leaked to an unauthenticated users High
CVE-2020-13997 was published for shopware/core (Composer) May 24, 2022
mitelg
Duplicate Advisory: Juju leaks of the sensitive context ID High
GHSA-8c64-q78q-87r6 was published for github.com/juju/juju (Go) Jul 29, 2024 withdrawn
Juju's unprivileged user running on charm node can leak any secret or relation data accessible to the local charm High
GHSA-6vjm-54vp-mxhx was published for github.com/juju/juju (Go) Aug 5, 2024
phvalguima manadart
SimonRichardson hpidcock lucistanescu eslerm
OpenStack Nova Server Resource Faults Leak External Exception Details High
CVE-2019-14433 was published for nova (pip) May 24, 2022
An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api... High Unreviewed
CVE-2024-39719 was published Oct 31, 2024
This vulnerability exists in the Wave 2.0 due to improper exception handling for invalid inputs... High Unreviewed
CVE-2024-51560 was published Nov 4, 2024
Grafana User enumeration via forget password High
CVE-2022-39307 was published for github.com/grafana/grafana (Go) May 14, 2024
phpMyFAQ Generates an Error Message Containing Sensitive Information if database server is not available High
CVE-2024-54141 was published for thorsten/phpmyfaq (Composer) Dec 6, 2024
geo-chen
Apache Hive and Spark: CookieSigner exposes the correct signature when message verification fails High
CVE-2024-23945 was published for org.apache.hive:hive-service (Maven) Dec 23, 2024
Information Exposure Through an Error Message vulnerability in Progress Software Corporation... High Unreviewed
CVE-2024-11625 was published Jan 7, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database