Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,593 advisories

Loading
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch High
CVE-2018-3831 was published for org.elasticsearch:elasticsearch (Maven) May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat High
CVE-2017-12616 was published for org.apache.tomcat:tomcat-catalina (Maven) May 14, 2022
Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this... High Unreviewed
CVE-2010-1432 was published Apr 21, 2022
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions), Mendix... High Unreviewed
CVE-2022-27241 was published Apr 13, 2022
Under certain conditions, SAP BusinessObjects Business Intelligence platform, Client Management... High Unreviewed
CVE-2022-27667 was published Apr 13, 2022
Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <= 20220115 High Unreviewed
CVE-2022-27849 was published Apr 16, 2022
An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which... High Unreviewed
CVE-2021-43287 was published Apr 15, 2022
FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows unauthenticated attackers to access and download... High Unreviewed
CVE-2022-26591 was published Apr 7, 2022
A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker... High Unreviewed
CVE-2021-20049 was published Dec 24, 2021
It was observed that while login into Business-central console, HTTP request discloses sensitive... High Unreviewed
CVE-2019-14839 was published Apr 3, 2022
The Booking Package WordPress plugin before 1.5.29 requires a token for exporting the ical... High Unreviewed
CVE-2022-0709 was published Apr 5, 2022
The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A... High Unreviewed
CVE-2021-21980 was published Nov 25, 2021
The Reporting module in Aseco Lietuva document management system DVS Avilys before 2022-03-10... High Unreviewed
CVE-2022-27192 was published Mar 25, 2022
Bluedon Information Security Technologies Co.,Ltd Internet Access Detector v1.0 was discovered to... High Unreviewed
CVE-2022-25571 was published Mar 25, 2022
MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to... High Unreviewed
CVE-2022-25568 was published Mar 25, 2022
Sylius PayPal Plugin allows unauthorized access to Credit card form, exposing payer name and not requiring 3DS High
CVE-2021-41120 was published for sylius/paypal-plugin (Composer) Oct 6, 2021
An information disclosure vulnerability exists due to a web server misconfiguration in the... High Unreviewed
CVE-2022-21236 was published Jan 29, 2022
The BlackBerry PlayBook service on the Research In Motion (RIM) BlackBerry PlayBook tablet with... High Unreviewed
CVE-2011-0291 was published May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in FreeTAKServer-UI High
CVE-2022-25512 was published for FreeTAKServer-UI (pip) Mar 12, 2022
point-cli allows local users to obtain sensitive information by listing the process High
CVE-2014-4997 was published for point-cli (RubyGems) May 14, 2022
VladTheEnterprising allows local users to obtain sensitive information by reading MySQL root password from temporary file High
CVE-2014-4995 was published for VladTheEnterprising (RubyGems) May 14, 2022
lean-ruport allows local users to obtain sensitive information by listing the process High
CVE-2014-4998 was published for lean-ruport (RubyGems) May 14, 2022
kajam allows local users to obtain sensitive information by listing the process High
CVE-2014-4999 was published for kajam (RubyGems) May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in foreman_fog_proxmox High
CVE-2021-20259 was published for foreman_fog_proxmox (RubyGems) Jun 10, 2021
Information disclosure issue in Active Resource High
CVE-2020-8151 was published for activeresource (RubyGems) May 21, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database