GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,090
Erlang
29
GitHub Actions
19
Go
1,915
Maven
5,000+
npm
3,646
NuGet
638
pip
3,262
Pub
10
RubyGems
870
Rust
821
Swift
35
Unreviewed advisories
All unreviewed
5,000+
285 advisories
Filter by severity
User enumeration is found in in PHPJabbers Make an Offer Widget v1.0. This issue occurs during...
Critical
Unreviewed
CVE-2023-40767
was published
Aug 28, 2023
User enumeration is found in PHPJabbers Event Booking Calendar v4.0. This issue occurs during...
Critical
Unreviewed
CVE-2023-40765
was published
Aug 28, 2023
User enumeration is found in in PHPJabbers Ticket Support Script v3.2. This issue occurs during...
Critical
Unreviewed
CVE-2023-40766
was published
Aug 28, 2023
User enumeration is found in PHP Jabbers Hotel Booking System v4.0. This issue occurs during...
Critical
Unreviewed
CVE-2023-40760
was published
Aug 28, 2023
IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow...
Moderate
Unreviewed
CVE-2023-26272
was published
Aug 28, 2023
e-Excellence U-Office Force generates an error message in webiste service. An unauthenticated...
Moderate
Unreviewed
CVE-2023-32755
was published
Aug 25, 2023
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a remote attacker to obtain system...
Moderate
Unreviewed
CVE-2023-35009
was published
Aug 17, 2023
Jenkins Folders Plugin information disclosure vulnerability
Moderate
CVE-2023-40338
was published
for
org.jenkins-ci.plugins:cloudbees-folder
(Maven)
Aug 16, 2023
Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability when using...
Moderate
Unreviewed
CVE-2023-31429
was published
Aug 1, 2023
IBM TRIRIGA 3.0, 4.0, and 4.4 could allow a remote attacker to obtain sensitive information when...
Moderate
Unreviewed
CVE-2020-4868
was published
Jul 31, 2023
Server information leak of configuration data when an error is generated in response to a...
High
Unreviewed
CVE-2023-25948
was published
Jul 13, 2023
league/oauth2-server key exposed in exception message when passing as a string and providing an invalid pass phrase
High
CVE-2023-37260
was published
for
league/oauth2-server
(Composer)
Jul 6, 2023
MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can...
High
Unreviewed
CVE-2023-37306
was published
Jun 30, 2023
Flask-AppBuilder vulnerable to possible disclosure of sensitive information on user error
Low
CVE-2023-34110
was published
for
Flask-AppBuilder
(pip)
Jun 22, 2023
In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the...
Low
Unreviewed
CVE-2023-34339
was published
Jun 1, 2023
IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when...
Moderate
Unreviewed
CVE-2023-28514
was published
May 19, 2023
In affected versions of Octopus Deploy it is possible to discover network details via error message
Moderate
Unreviewed
CVE-2022-4870
was published
May 18, 2023
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose sensitive information in an error...
Moderate
Unreviewed
CVE-2023-27860
was published
Apr 27, 2023
User account enumeration in Serenity
Moderate
CVE-2023-31286
was published
for
Serenity.Net.Core
(NuGet)
Apr 27, 2023
SpiceDB binding metrics port to untrusted networks and can leak command-line flags
High
CVE-2023-29193
was published
for
github.com/authzed/spicedb
(Go)
Apr 13, 2023
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2,...
Moderate
Unreviewed
CVE-2022-4770
was published
Apr 3, 2023
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2,...
Moderate
Unreviewed
CVE-2022-4769
was published
Apr 3, 2023
Sentry SDK leaks sensitive session information when `sendDefaultPII` is set to `True`
High
CVE-2023-28117
was published
for
sentry-sdk
(pip)
Mar 21, 2023
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an...
Moderate
Unreviewed
CVE-2023-25687
was published
Mar 21, 2023
Sensitive Information in Error Messages in Apache Airflow
Moderate
CVE-2023-25695
was published
for
apache-airflow
(pip)
Mar 15, 2023
ProTip!
Advisories are also available from the
GraphQL API