Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,094
Erlang
29
GitHub Actions
19
Go
1,920
Maven
5,000+
npm
3,648
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
822
Swift
35
Unreviewed advisories
All unreviewed
5,000+

286 advisories

Loading
JSPUI's "Internal System Error" page prints exceptions and stack traces without sanitization Moderate
CVE-2022-31189 was published for org.dspace:dspace-jspui (Maven) Aug 6, 2022
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could... Moderate Unreviewed
CVE-2021-39018 was published Jul 15, 2022
Valinor error messages leading to potential data exfiltration before v0.12.0 High
CVE-2022-31140 was published for cuyz/valinor (Composer) Jul 12, 2022
Possible leak of key's raw field if declared length is incorrect High
CVE-2022-31124 was published for openssh-key-parser (pip) Jul 6, 2022
mike-arnica
Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information... Moderate Unreviewed
CVE-2022-31229 was published Jun 29, 2022
Weave GitOps leaked cluster credentials into logs on connection errors Critical
CVE-2022-31098 was published for github.com/weaveworks/weave-gitops (Go) Jun 23, 2022
stefanprodan
Insertion of Sensitive Information into Log File in typo3/cms-core Moderate
CVE-2022-31047 was published for typo3/cms (Composer) Jun 17, 2022
mhuber84 derhansen
NocoDB information disclosure vulnerability High
CVE-2022-2062 was published for nocodb (npm) Jun 14, 2022
Dev error stack trace leaking into prod in Play Framework Moderate
CVE-2022-31023 was published for com.typesafe.play:play_2.12 (Maven) Jun 3, 2022
BillyAutrey gmethvin
dontgitit
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is... Moderate Unreviewed
CVE-2022-26973 was published Jun 3, 2022
Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure... Moderate Unreviewed
CVE-2020-27015 was published May 24, 2022
IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 reveals sensitive information from a stack trace... Moderate Unreviewed
CVE-2019-4377 was published May 24, 2022
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain... Moderate Unreviewed
CVE-2021-38981 was published May 24, 2022
A vulnerability in the web-based dashboard of Cisco Umbrella could allow an authenticated, remote... Moderate Unreviewed
CVE-2021-40126 was published May 24, 2022
/way4acs/enroll in OpenWay WAY4 ACS before 1.2.278-2693 allows unauthenticated attackers to... Moderate Unreviewed
CVE-2021-35060 was published May 24, 2022
IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain... Moderate Unreviewed
CVE-2021-20552 was published May 24, 2022
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker... Moderate Unreviewed
CVE-2021-1546 was published May 24, 2022
IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information when a... Moderate Unreviewed
CVE-2021-20377 was published May 24, 2022
IBM Edge 4.2 could reveal sensitive version information about the server from error pages that... Moderate Unreviewed
CVE-2020-4941 was published May 24, 2022
IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote attacker to obtain... Moderate Unreviewed
CVE-2021-20485 was published May 24, 2022
IBM Security Secret Server up to 11.0 could allow a remote attacker to obtain sensitive... Moderate Unreviewed
CVE-2021-20508 was published May 24, 2022
The public share controller in the ownCloud server before version 10.8.0 allows a remote attacker... Moderate Unreviewed
CVE-2021-35947 was published May 24, 2022
In Apache Ofbiz, versions v17.12.01 to v17.12.07 implement a try catch exception to handle errors... High Unreviewed
CVE-2021-25958 was published May 24, 2022
A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private... Moderate Unreviewed
CVE-2021-22249 was published May 24, 2022
In SapphireIMS 4097_1, it is possible to guess the registered/active usernames of the software... High Unreviewed
CVE-2017-16629 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database