Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,300
Erlang
31
GitHub Actions
21
Go
2,069
Maven
5,000+
npm
3,744
NuGet
668
pip
3,429
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+

49 advisories

Loading
Authorization header is not sanitized in an error object in auth0 High
CVE-2020-15125 was published for auth0 (npm) Jul 29, 2020
osdiab
An attacker can gain knowledge of a session temporary working folder where the getfile and... High Unreviewed
CVE-2021-32937 was published Apr 3, 2022
In APache APISIX before 3.13.1, an attacker can obtain a plugin-configured secret via an error... High Unreviewed
CVE-2022-29266 was published Apr 21, 2022
IBM i2 iBase 8.9.13 could allow a remote attacker to obtain sensitive information when a detailed... High Unreviewed
CVE-2020-4584 was published May 24, 2022
PgHero Allows Information Disclosure Through EXPLAIN Feature High
CVE-2023-22626 was published for pghero (RubyGems) Jan 5, 2023
Valinor error messages leading to potential data exfiltration before v0.12.0 High
CVE-2022-31140 was published for cuyz/valinor (Composer) Jul 12, 2022
Incorrect implementation of lockout feature in Keycloak High
CVE-2021-3513 was published for org.keycloak:keycloak-parent (Maven) Aug 23, 2022
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could allow a remote attacker to obtain... High Unreviewed
CVE-2021-20393 was published May 24, 2022
ApiKey secret could be revelated on network issue High
CVE-2021-21421 was published for node-etsy-client (npm) Apr 6, 2021
boly38
IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information... High Unreviewed
CVE-2021-29688 was published May 24, 2022
In SapphireIMS 4097_1, it is possible to guess the registered/active usernames of the software... High Unreviewed
CVE-2017-16629 was published May 24, 2022
In Apache Ofbiz, versions v17.12.01 to v17.12.07 implement a try catch exception to handle errors... High Unreviewed
CVE-2021-25958 was published May 24, 2022
IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 could allow a remote attacker to obtain... High Unreviewed
CVE-2021-39023 was published May 7, 2022
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before... High Unreviewed
CVE-2019-9223 was published May 13, 2022
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism... High Unreviewed
CVE-2018-17961 was published May 13, 2022
Apache Ambari, version 2.5.0 to 2.6.2, passwords for Hadoop credential stores are exposed in... High Unreviewed
CVE-2018-8042 was published May 13, 2022
Dell Wyse Management Suite 3.6.1 and below contains Information Disclosure in Devices error pages... High Unreviewed
CVE-2022-33930 was published Aug 11, 2022
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive... High Unreviewed
CVE-2022-35715 was published Aug 11, 2022
A Generation of Error Message Containing Sensitive Information vulnerability in the CLI of... High Unreviewed
CVE-2022-22162 was published Jan 20, 2022
Generation of Error Message Containing Sensitive Information in microweber High
CVE-2022-0660 was published for microweber/microweber (Composer) Feb 19, 2022
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console could allow a remote... High Unreviewed
CVE-2019-4269 was published May 24, 2022
Apache Airflow AWS Provider Generates Error Message Containing Sensitive Information High
CVE-2023-25956 was published for apache-airflow-providers-amazon (pip) Feb 24, 2023
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.7... High Unreviewed
CVE-2020-5026 was published Mar 2, 2023
Sentry SDK leaks sensitive session information when `sendDefaultPII` is set to `True` High
CVE-2023-28117 was published for sentry-sdk (pip) Mar 21, 2023
SpiceDB binding metrics port to untrusted networks and can leak command-line flags High
CVE-2023-29193 was published for github.com/authzed/spicedb (Go) Apr 13, 2023
amit-laish
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database