Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,873 advisories

Loading
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK50... High Unreviewed
CVE-2021-45651 was published Dec 27, 2021
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R7000... High Unreviewed
CVE-2021-45650 was published Dec 27, 2021
NETGEAR XR1000 devices before 1.0.0.58 are affected by disclosure of sensitive information. High Unreviewed
CVE-2021-45654 was published Dec 27, 2021
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK352... High Unreviewed
CVE-2021-45653 was published Dec 27, 2021
A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker... High Unreviewed
CVE-2021-20049 was published Dec 24, 2021
Opencast publishes global system account credentials High
CVE-2018-16153 was published for org.opencastproject:opencast-common (Maven) Dec 14, 2021
gregorydlogan lkiesow
smarquard
Credited to gregorydlogan, lkiesow, and smarquard
The Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.38 does not have any authorisation... High Unreviewed
CVE-2021-24945 was published Dec 14, 2021
An information disclosure vulnerability in the login page of Huntflow Enterprise before 3.10.4... High Unreviewed
CVE-2021-37935 was published Dec 11, 2021
Improper Removal of Sensitive Information Before Storage or Transfer in Apache Jackrabbit Oak High
CVE-2020-1940 was published for org.apache.jackrabbit:oak-core (Maven) Dec 10, 2021
There is a Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Huawei... High Unreviewed
CVE-2021-37067 was published Dec 8, 2021
An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. The bucket credentials... High Unreviewed
CVE-2021-43963 was published Dec 8, 2021
The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A... High Unreviewed
CVE-2021-21980 was published Nov 25, 2021
There is a Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Huawei... High Unreviewed
CVE-2021-37010 was published Nov 24, 2021
Unrestricted access to predictable file paths in hov/jobfair High
CVE-2021-43564 was published for hov/jobfair (Composer) Nov 15, 2021
Exposure of Sensitive Information to an Unauthorized Actor in ansible High
CVE-2019-10217 was published for ansible (pip) Oct 12, 2021
Splash authentication credentials potentially leaked to target websites High
CVE-2021-41124 was published for scrapy-splash (pip) Oct 6, 2021
Sylius PayPal Plugin allows unauthorized access to Credit card form, exposing payer name and not requiring 3DS High
CVE-2021-41120 was published for sylius/paypal-plugin (Composer) Oct 6, 2021
LiveQuery publishes user session tokens in parse-server High
CVE-2021-41109 was published for parse-server (npm) Sep 30, 2021
dblythy
Credited to dblythy
Exposure of Sensitive Information to an Unauthorized Actor in Apache Santuario High
CVE-2021-40690 was published for org.apache.santuario:xmlsec (Maven) Sep 20, 2021
Any storage file can be downloaded from p.sh if full server path is known High
GHSA-2rh5-jvgx-pgw3 was published for ezsystems/ezplatform (Composer) Sep 14, 2021
Any storage file can be downloaded from p.sh if full server path is known High
GHSA-gqcf-83rq-gpfr was published for ibexa/post-install (Composer) Sep 14, 2021
Exposure of Sensitive Information to an Unauthorized Actor High
CVE-2021-32717 was published for shopware/platform (Composer) Sep 8, 2021
Basic-auth app bundle credential exposure in gatsby-source-wordpress High
CVE-2021-32770 was published for gatsby-source-wordpress (npm) Jul 19, 2021
Private files publicly accessible with Cloud Storage providers High
GHSA-vrf2-xghr-j52v was published for shopware/core (Composer) Jun 28, 2021
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat High
CVE-2021-25122 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jun 16, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database