Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,640
Maven
5,000+
npm
4,265
NuGet
760
pip
4,060
Pub
12
RubyGems
956
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

9,972 advisories

Loading
Exposure of Sensitive Information to an Unauthorized Actor in Spring Security Moderate
CVE-2012-5055 was published for org.springframework.security:spring-security-core (Maven) May 17, 2022
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and... Moderate Unreviewed
CVE-2021-25232 was published May 24, 2022
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and... Moderate Unreviewed
CVE-2021-25230 was published May 24, 2022
In enforceDumpPermissionForPackage of ActivityManagerService.java, there is a possible way to... Moderate Unreviewed
CVE-2021-0321 was published May 24, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Low
CVE-2017-2603 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Moderate
CVE-2017-2606 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Moderate
CVE-2017-2600 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan... Moderate Unreviewed
CVE-2021-25240 was published May 24, 2022
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan... Moderate Unreviewed
CVE-2021-25242 was published May 24, 2022
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan... Moderate Unreviewed
CVE-2021-25243 was published May 24, 2022
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan... Moderate Unreviewed
CVE-2021-25233 was published May 24, 2022
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Notification... Moderate Unreviewed
CVE-2020-11607 was published May 24, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat Low
CVE-2013-2071 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
In netdiag, there is a possible information disclosure due to a missing permission check. This... Moderate Unreviewed
CVE-2021-0403 was published May 24, 2022
Zoho ManageEngine OpManager before 125120 allows an unauthenticated user to retrieve an API key... Moderate Unreviewed
CVE-2020-11946 was published May 24, 2022
CA API Developer Portal 4.3.1 and earlier handles requests insecurely, which allows remote... Moderate Unreviewed
CVE-2020-11662 was published May 24, 2022
PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated attackers to obtain... Moderate Unreviewed
CVE-2020-11547 was published May 24, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Moderate
CVE-2017-1000399 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Directory LDAP API High
CVE-2015-3250 was published for org.apache.directory.api:api-ldap-model (Maven) May 17, 2022
BigBlueButton before 2.2.5 allows remote attackers to obtain sensitive files via Local File... High Unreviewed
CVE-2020-12112 was published May 24, 2022
Exposure of Sensitive Information in Find My Mobile prior to version 7.2.25.14 allows local... Low Unreviewed
CVE-2022-36878 was published Sep 10, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch Moderate
CVE-2019-7619 was published for org.elasticsearch:elasticsearch (Maven) May 24, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Sling Servlets Post High
CVE-2016-0956 was published for org.apache.sling:org.apache.sling.servlets.post (Maven) May 14, 2022
Duplicate advisory: Configuration exposure in github.com/coreos/ignition Moderate
GHSA-mjqc-5c9x-xfcc was published for github.com/coreos/ignition/v2 (Go) May 18, 2022 withdrawn
In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel... Moderate Unreviewed
CVE-2020-10966 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database