GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,593 advisories
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
High · CVE-2018-3831 was published for org.elasticsearch:elasticsearch (Maven) on May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
High · CVE-2017-12616 was published for org.apache.tomcat:tomcat-catalina (Maven) on May 14, 2022
Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this...
High · Unreviewed · CVE-2010-1432 was published on Apr 21, 2022
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions), Mendix...
High · Unreviewed · CVE-2022-27241 was published on Apr 13, 2022
Under certain conditions, SAP BusinessObjects Business Intelligence platform, Client Management...
High · Unreviewed · CVE-2022-27667 was published on Apr 13, 2022
Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <= 20220115
High · Unreviewed · CVE-2022-27849 was published on Apr 16, 2022
An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which...
High · Unreviewed · CVE-2021-43287 was published on Apr 15, 2022
FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows unauthenticated attackers to access and download...
High · Unreviewed · CVE-2022-26591 was published on Apr 7, 2022
A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker...
High · Unreviewed · CVE-2021-20049 was published on Dec 24, 2021
It was observed that while login into Business-central console, HTTP request discloses sensitive...
High · Unreviewed · CVE-2019-14839 was published on Apr 3, 2022
The Booking Package WordPress plugin before 1.5.29 requires a token for exporting the ical...
High · Unreviewed · CVE-2022-0709 was published on Apr 5, 2022
The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A...
High · Unreviewed · CVE-2021-21980 was published on Nov 25, 2021
The Reporting module in Aseco Lietuva document management system DVS Avilys before 2022-03-10...
High · Unreviewed · CVE-2022-27192 was published on Mar 25, 2022
Bluedon Information Security Technologies Co.,Ltd Internet Access Detector v1.0 was discovered to...
High · Unreviewed · CVE-2022-25571 was published on Mar 25, 2022
MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to...
High · Unreviewed · CVE-2022-25568 was published on Mar 25, 2022
Sylius PayPal Plugin allows unauthorized access to Credit card form, exposing payer name and not requiring 3DS
High · CVE-2021-41120 was published for sylius/paypal-plugin (Composer) on Oct 6, 2021
An information disclosure vulnerability exists due to a web server misconfiguration in the...
High · Unreviewed · CVE-2022-21236 was published on Jan 29, 2022
The BlackBerry PlayBook service on the Research In Motion (RIM) BlackBerry PlayBook tablet with...
High · Unreviewed · CVE-2011-0291 was published on May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in FreeTAKServer-UI
High · CVE-2022-25512 was published for FreeTAKServer-UI (pip) on Mar 12, 2022
point-cli allows local users to obtain sensitive information by listing the process
High · CVE-2014-4997 was published for point-cli (RubyGems) on May 14, 2022
VladTheEnterprising allows local users to obtain sensitive information by reading MySQL root password from temporary file
High · CVE-2014-4995 was published for VladTheEnterprising (RubyGems) on May 14, 2022
lean-ruport allows local users to obtain sensitive information by listing the process
High · CVE-2014-4998 was published for lean-ruport (RubyGems) on May 14, 2022
kajam allows local users to obtain sensitive information by listing the process
High · CVE-2014-4999 was published for kajam (RubyGems) on May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in foreman_fog_proxmox
High · CVE-2021-20259 was published for foreman_fog_proxmox (RubyGems) on Jun 10, 2021
Information disclosure issue in Active Resource
High · CVE-2020-8151 was published for activeresource (RubyGems) on May 21, 2020
ProTip! Advisories are also available from the GraphQL API.