Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,094
Erlang
29
GitHub Actions
19
Go
1,920
Maven
5,000+
npm
3,648
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
822
Swift
35
Unreviewed advisories
All unreviewed
5,000+

42 advisories

Loading
Jenkins exposes multi-line secrets through error messages Moderate
CVE-2024-47803 was published for org.jenkins-ci.main:jenkins-core (Maven) Oct 2, 2024
CKAN may leak Solr credentials via error message in package_search action Moderate
CVE-2024-41674 was published for ckan (pip) Aug 21, 2024
FuhuXia
Umbraco CMS vulnerable to Generation of Error Message Containing Sensitive Information Moderate
CVE-2024-43376 was published for Umbraco.Cms.Api.Management (NuGet) Aug 20, 2024
Generation of Error Message Containing Sensitive Information in zsa Moderate
CVE-2024-37162 was published for zsa (npm) Jun 6, 2024
tom-sherman
Argo-cd authenticated users can enumerate clusters by name Moderate
CVE-2024-36106 was published for github.com/argoproj/argo-cd (Go) Jun 6, 2024
crenshaw-dev pasha-codefresh
silverstripe/framework may disclose database credentials during connection failure Moderate
GHSA-m2hh-2m46-x6j5 was published for silverstripe/framework (Composer) May 28, 2024
Grafana User enumeration via forget password Moderate
CVE-2022-39307 was published for github.com/grafana/grafana (Go) May 14, 2024
Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information Moderate
CVE-2024-21733 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jan 19, 2024
westonsteimel
jupyter-server errors include tracebacks with path information Moderate
CVE-2023-49080 was published for jupyter-server (pip) Dec 5, 2023
krsecu
pimcore/admin-ui-classic-bundle Full Path Disclosure via re-export document Moderate
CVE-2023-47636 was published for pimcore/admin-ui-classic-bundle (Composer) Nov 15, 2023
xcapri
Google Sheets data source plugin for Grafana information disclosure vulnerability Moderate
CVE-2023-4457 was published for github.com/grafana/google-sheets-datasource (Go) Oct 16, 2023
Apache Superset may expose internal traces on REST API endpoints Moderate
CVE-2023-39264 was published for apache-superset (pip) Sep 6, 2023
Jenkins Folders Plugin information disclosure vulnerability Moderate
CVE-2023-40338 was published for org.jenkins-ci.plugins:cloudbees-folder (Maven) Aug 16, 2023
User account enumeration in Serenity Moderate
CVE-2023-31286 was published for Serenity.Net.Core (NuGet) Apr 27, 2023
Sensitive Information in Error Messages in Apache Airflow Moderate
CVE-2023-25695 was published for apache-airflow (pip) Mar 15, 2023
Saleor has Staff-Authenticated Error Message Information Disclosure Vulnerability via Python Exceptions Moderate
CVE-2023-26051 was published for Saleor (pip) Mar 3, 2023
ghinstallation returns app JWT in error responses Moderate
CVE-2022-39304 was published for github.com/bradleyfalzon/ghinstallation (Go) Dec 19, 2022
Miskerest
Kirby CMS vulnerable to user enumeration in the brute force protection Moderate
CVE-2022-39315 was published for getkirby/cms (Composer) Oct 18, 2022
JSPUI's "Internal System Error" page prints exceptions and stack traces without sanitization Moderate
CVE-2022-31189 was published for org.dspace:dspace-jspui (Maven) Aug 6, 2022
Insertion of Sensitive Information into Log File in typo3/cms-core Moderate
CVE-2022-31047 was published for typo3/cms (Composer) Jun 17, 2022
mhuber84 derhansen
Dev error stack trace leaking into prod in Play Framework Moderate
CVE-2022-31023 was published for com.typesafe.play:play_2.12 (Maven) Jun 3, 2022
BillyAutrey gmethvin
dontgitit
Generation of Error Message Containing Sensitive Information in Elasticsearch Moderate
CVE-2021-22145 was published for org.elasticsearch.client:elasticsearch-rest-client (Maven) May 24, 2022
Diavante vue-storefront-api and storefront-api disclose stack trace Moderate
CVE-2020-11883 was published for storefront-api (npm) May 24, 2022
OpenStack Nova Server Resource Faults Leak External Exception Details Moderate
CVE-2019-14433 was published for nova (pip) May 24, 2022
Weblate user account enumeration via reset password form Moderate
CVE-2017-5537 was published for weblate (pip) May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database