GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,094
Erlang
29
GitHub Actions
19
Go
1,920
Maven
5,000+
npm
3,648
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
822
Swift
35
Unreviewed advisories
All unreviewed
5,000+
42 advisories
Filter by severity
Jenkins exposes multi-line secrets through error messages
Moderate
CVE-2024-47803
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Oct 2, 2024
CKAN may leak Solr credentials via error message in package_search action
Moderate
CVE-2024-41674
was published
for
ckan
(pip)
Aug 21, 2024
Umbraco CMS vulnerable to Generation of Error Message Containing Sensitive Information
Moderate
CVE-2024-43376
was published
for
Umbraco.Cms.Api.Management
(NuGet)
Aug 20, 2024
Generation of Error Message Containing Sensitive Information in zsa
Moderate
CVE-2024-37162
was published
for
zsa
(npm)
Jun 6, 2024
Argo-cd authenticated users can enumerate clusters by name
Moderate
CVE-2024-36106
was published
for
github.com/argoproj/argo-cd
(Go)
Jun 6, 2024
silverstripe/framework may disclose database credentials during connection failure
Moderate
GHSA-m2hh-2m46-x6j5
was published
for
silverstripe/framework
(Composer)
May 28, 2024
Grafana User enumeration via forget password
Moderate
CVE-2022-39307
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information
Moderate
CVE-2024-21733
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jan 19, 2024
jupyter-server errors include tracebacks with path information
Moderate
CVE-2023-49080
was published
for
jupyter-server
(pip)
Dec 5, 2023
pimcore/admin-ui-classic-bundle Full Path Disclosure via re-export document
Moderate
CVE-2023-47636
was published
for
pimcore/admin-ui-classic-bundle
(Composer)
Nov 15, 2023
Google Sheets data source plugin for Grafana information disclosure vulnerability
Moderate
CVE-2023-4457
was published
for
github.com/grafana/google-sheets-datasource
(Go)
Oct 16, 2023
Apache Superset may expose internal traces on REST API endpoints
Moderate
CVE-2023-39264
was published
for
apache-superset
(pip)
Sep 6, 2023
Jenkins Folders Plugin information disclosure vulnerability
Moderate
CVE-2023-40338
was published
for
org.jenkins-ci.plugins:cloudbees-folder
(Maven)
Aug 16, 2023
User account enumeration in Serenity
Moderate
CVE-2023-31286
was published
for
Serenity.Net.Core
(NuGet)
Apr 27, 2023
Sensitive Information in Error Messages in Apache Airflow
Moderate
CVE-2023-25695
was published
for
apache-airflow
(pip)
Mar 15, 2023
Saleor has Staff-Authenticated Error Message Information Disclosure Vulnerability via Python Exceptions
Moderate
CVE-2023-26051
was published
for
Saleor
(pip)
Mar 3, 2023
ghinstallation returns app JWT in error responses
Moderate
CVE-2022-39304
was published
for
github.com/bradleyfalzon/ghinstallation
(Go)
Dec 19, 2022
Kirby CMS vulnerable to user enumeration in the brute force protection
Moderate
CVE-2022-39315
was published
for
getkirby/cms
(Composer)
Oct 18, 2022
JSPUI's "Internal System Error" page prints exceptions and stack traces without sanitization
Moderate
CVE-2022-31189
was published
for
org.dspace:dspace-jspui
(Maven)
Aug 6, 2022
Insertion of Sensitive Information into Log File in typo3/cms-core
Moderate
CVE-2022-31047
was published
for
typo3/cms
(Composer)
Jun 17, 2022
Dev error stack trace leaking into prod in Play Framework
Moderate
CVE-2022-31023
was published
for
com.typesafe.play:play_2.12
(Maven)
Jun 3, 2022
Generation of Error Message Containing Sensitive Information in Elasticsearch
Moderate
CVE-2021-22145
was published
for
org.elasticsearch.client:elasticsearch-rest-client
(Maven)
May 24, 2022
Diavante vue-storefront-api and storefront-api disclose stack trace
Moderate
CVE-2020-11883
was published
for
storefront-api
(npm)
May 24, 2022
OpenStack Nova Server Resource Faults Leak External Exception Details
Moderate
CVE-2019-14433
was published
for
nova
(pip)
May 24, 2022
Weblate user account enumeration via reset password form
Moderate
CVE-2017-5537
was published
for
weblate
(pip)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API