GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,873 advisories
openstack-mistral Discloses the presence of arbitrary files within the filesystem
High | CVE-2018-16849 was published for mistral (pip) | May 13, 2022

Lobby Track Desktop could allow a local attacker to obtain sensitive information, caused by an...
High | Unreviewed | CVE-2018-17484 was published May 13, 2022

A potential remote code execution and information disclosure vulnerability exists in Micro Focus...
High | Unreviewed | CVE-2018-18590 was published May 13, 2022

Information leakage issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena...
High | Unreviewed | CVE-2018-19643 was published May 13, 2022

In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and...
High | Unreviewed | CVE-2018-1090 was published May 13, 2022

pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST...
High | Unreviewed | CVE-2018-1086 was published May 13, 2022

A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for...
High | Unreviewed | CVE-2018-1097 was published May 13, 2022

Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an information exposure...
High | Unreviewed | CVE-2018-1191 was published May 13, 2022

IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 discloses sensitive information to...
High | Unreviewed | CVE-2018-1476 was published May 13, 2022

The IBM Storwize V7000 Unified management Web interface 1.6 exposes internal cluster details to...
High | Unreviewed | CVE-2018-1467 was published May 13, 2022

IBM WebSphere Application Server Liberty prior to 18.0.0.2 could allow a remote attacker to...
High | Unreviewed | CVE-2018-1553 was published May 13, 2022

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using malformed SAML responses from the...
High | Unreviewed | CVE-2018-1614 was published May 13, 2022

IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could expose password hashes in...
High | Unreviewed | CVE-2018-1675 was published May 13, 2022

In systems using the optional capture & replay functionality of SAP HANA, 1.00 and 2.00, (see SAP...
High | Unreviewed | CVE-2018-2402 was published May 13, 2022

Some Navarino Infinity functions, up to version 2.2, placed in the URL can bypass any...
High | Unreviewed | CVE-2018-5386 was published May 13, 2022

The Spotfire server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS...
High | Unreviewed | CVE-2018-5436 was published May 13, 2022

The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports...
High | Unreviewed | CVE-2018-5430 was published May 13, 2022

Remote Disclosure of Information in Micro Focus Universal CMDB Foundation Software, version...
High | Unreviewed | CVE-2018-6487 was published May 13, 2022

Pivotal Concourse, all versions prior to 4.2.2, puts the user access token in a url during the...
High | Unreviewed | CVE-2019-3803 was published May 13, 2022

The Direct Mail (direct_mail) TYPO3 extension improperly discloses sensitive information
High | CVE-2013-7400 was published for directmailteam/direct-mail (Composer) | May 13, 2022

IBM QRadar Advisor with Watson 1.14.0 discloses sensitive information to unauthorized users. The...
High | Unreviewed | CVE-2018-1732 was published May 13, 2022

A Remote Disclosure of Information vulnerability in HPE NonStop Servers using SSH Service version...
High | Unreviewed | CVE-2017-5803 was published May 13, 2022

Apache Wicket Sensitive Data Exposure
High | CVE-2014-3526 was published for org.apache.wicket:wicket-core (Maven) | May 13, 2022

Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the...
High | Unreviewed | CVE-2016-5409 was published May 13, 2022

Jenkins discloses project names via fingerprints
High | CVE-2015-5317 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 13, 2022