GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,064 advisories
Filebeat versions through 7.17.9 and 8.6.2 have a flaw in httpjson input that allows the http...
CVE-2023-31413 was published May 4, 2023 (Low, Unreviewed)

Eclipse Jetty's cookie parsing of quoted values can exfiltrate values from other cookies
CVE-2023-26049 was published for org.eclipse.jetty:jetty-server (Maven) Apr 18, 2023 (Low)

An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9...
CVE-2023-0838 was published Apr 5, 2023 (Low, Unreviewed)

A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a...
CVE-2021-3923 was published Mar 27, 2023 (Low, Unreviewed)

A flaw was found in the Linux Kernel. The tls_is_tx_ready() incorrectly checks for list emptiness...
CVE-2023-1075 was published Mar 27, 2023 (Low, Unreviewed)

Juiker app stores debug logs which contains sensitive information to mobile external storage. An...
CVE-2022-39043 was published Mar 27, 2023 (Low, Unreviewed)

In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the...
CVE-2022-41862 was published Mar 3, 2023 (Low, Unreviewed)

Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the /api...
CVE-2023-27266 was published Feb 27, 2023 (Low, Unreviewed)

Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially...
CVE-2023-24069 was published Jan 23, 2023 (Low, Unreviewed)

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm...
CVE-2022-42266 was published Dec 31, 2022 (Low, Unreviewed)

Exposure of Sensitive Information vulnerability in Samsung Settings prior to SMR Dec-2022 Release...
CVE-2022-39904 was published Dec 8, 2022 (Low, Unreviewed)

Traefik may display authorization header in the debug logs
CVE-2022-23469 was published for github.com/traefik/traefik/v2 (Go) Dec 8, 2022 (Low)

Temporary File Information Disclosure vulnerability in MPXJ
CVE-2022-41954 was published for mpxj (Maven) Nov 28, 2022 (Low)

Tailscale daemon is vulnerable to information disclosure via CSRF
CVE-2022-41925 was published for tailscale.com/cmd (Go) Nov 21, 2022 (Low)

Container build can leak any path on the host into the container
GHSA-vp35-85q5-9f25 was published for github.com/docker/docker (Go) Nov 11, 2022 (Low)

"IBM Robotic Process Automation for Cloud Pak 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is...
CVE-2022-42442 was published Nov 4, 2022 (Low, Unreviewed)

The issue was addressed with additional restrictions on the observability of app states. This...
CVE-2022-32913 was published Nov 2, 2022 (Low, Unreviewed)

This issue was addressed with improved entitlements. This issue is fixed in iOS 16, watchOS 9. An...
CVE-2022-32835 was published Nov 2, 2022 (Low, Unreviewed)

A logic issue was addressed with improved state management. This issue is fixed in iOS 16, macOS...
CVE-2022-32870 was published Nov 2, 2022 (Low, Unreviewed)

Exposure of sensitive information in AT_Distributor prior to SMR Oct-2022 Release 1 allows local...
CVE-2022-39848 was published Oct 7, 2022 (Low, Unreviewed)

Dell BIOS versions contain an Information Exposure vulnerability. A local authenticated...
CVE-2022-31221 was published Sep 13, 2022 (Low, Unreviewed)

Exposure of Sensitive Information in Find My Mobile prior to version 7.2.25.14 allows local...
CVE-2022-36878 was published Sep 10, 2022 (Low, Unreviewed)

In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard...
CVE-2022-37438 was published Aug 17, 2022 (Low, Unreviewed)

Flask-AppBuilder before v4.1.3 allows inference of sensitive information through query strings
CVE-2022-31177 was published for Flask-AppBuilder (pip) Jul 29, 2022 (Low)

Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting...
CVE-2022-2394 was published Jul 20, 2022 (Low, Unreviewed)