Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

337 advisories

Loading
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.856 through 0.9.8.864 allows an attacker to... Moderate Unreviewed
CVE-2019-14782 was published May 24, 2022
In CMDBuild from version 3.0 to 3.3.2 payload requests are saved in a temporary log table, which... Moderate Unreviewed
CVE-2022-25518 was published Mar 24, 2022
Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be... Moderate Unreviewed
CVE-2022-28774 was published May 12, 2022
In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an... Moderate Unreviewed
CVE-2019-15508 was published May 24, 2022
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway... Moderate Unreviewed
CVE-2022-20807 was published May 28, 2022
In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an... Moderate Unreviewed
CVE-2019-15507 was published May 24, 2022
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway... Moderate Unreviewed
CVE-2022-20809 was published May 27, 2022
Sensitive information exposure in Sign-in log in Samsung Account prior to version 13.2.00.6... Moderate Unreviewed
CVE-2022-30733 was published Jun 8, 2022
Couchbase Server 6.6.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized... Moderate Unreviewed
CVE-2022-32193 was published Jun 14, 2022
Multiple vulnerabilities in the web-based management interface of Cisco Business Process... Moderate Unreviewed
CVE-2021-1576 was published May 24, 2022
Windows Desired State Configuration (DSC) Information Disclosure Vulnerability. Moderate Unreviewed
CVE-2022-30148 was published Jun 16, 2022
rsyslog uses weak permissions for generating log files, which allows local users to obtain... Moderate Unreviewed
CVE-2015-3243 was published May 17, 2022
A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and... Moderate Unreviewed
CVE-2022-20768 was published Jul 7, 2022
An issue was discovered in Couchbase Server 7.x before 7.0.4. Field names are not redacted in... Moderate Unreviewed
CVE-2022-33911 was published Jul 13, 2022
IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be... Moderate Unreviewed
CVE-2016-9985 was published May 17, 2022
An issue was discovered on SendQuick Entera and Avera devices before 2HF16. An attacker could... Moderate Unreviewed
CVE-2017-5137 was published May 17, 2022
In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in... Moderate Unreviewed
CVE-2022-36321 was published Jul 21, 2022
VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged... Moderate Unreviewed
CVE-2022-31674 was published Aug 11, 2022
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially sensitive information in in log... Moderate Unreviewed
CVE-2016-8912 was published May 17, 2022
A cleartext storage of sensitive information exists in Rocket.Chat <v4.6.4 due to Oauth token... Moderate Unreviewed
CVE-2022-32217 was published Sep 25, 2022
IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to obtain sensitive... Moderate Unreviewed
CVE-2016-2928 was published May 17, 2022
The installation component in IBM Rational Asset Analyzer (RAA) 6.1.0 before FP10 allows local... Moderate Unreviewed
CVE-2016-5967 was published May 17, 2022
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 stores potentially sensitive... Moderate Unreviewed
CVE-2021-39011 was published Jan 20, 2023
IBM MQ Internet Pass-Thru 2.1, 9.2 LTS and 9.2 CD stores potentially sensitive information in... Moderate Unreviewed
CVE-2022-35719 was published Nov 14, 2022
Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The... Moderate Unreviewed
CVE-2022-33187 was published Dec 9, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database