GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,636
Maven: 5,000+
npm: 4,262
NuGet: 760
pip: 4,057
Pub: 12
RubyGems: 956
Rust: 1,054
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
1,874 advisories
Exposure of sensitive information in Zoom Client SDKs before 5.15.5 may allow an authenticated...
High | Unreviewed | CVE-2023-39214 was published Aug 9, 2023

Under certain conditions SAP Commerce (OCC API) - versions HY_COM 2105, HY_COM 2205, COM_CLOUD...
High | Unreviewed | CVE-2023-37486 was published Aug 8, 2023

Apache Airflow Execution with Unnecessary Privileges
High | CVE-2023-39508 was published for apache-airflow (pip) Aug 5, 2023

The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Sensitive Information Exposure...
High | Unreviewed | CVE-2023-4139 was published Aug 4, 2023

An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 16.0.8...
High | Unreviewed | CVE-2023-3993 was published Aug 2, 2023

Leaking sensitive user information still possible by filtering on private with prefix fields
High | CVE-2023-34235 was published for @strapi/database (npm) Jul 25, 2023

Pimcore vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
High | CVE-2023-3819 was published for pimcore/pimcore (Composer) Jul 21, 2023

IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server. An...
High | Unreviewed | CVE-2023-27877 was published Jul 19, 2023

Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs...
High | Unreviewed | CVE-2023-26026 was published Jul 19, 2023

Plane version 0.7.1 allows an unauthenticated attacker to view all stored server files of all...
High | Unreviewed | CVE-2023-2268 was published Jul 15, 2023

Weave GitOps Terraform Controller Information Disclosure Vulnerability
High | CVE-2023-34236 was published for github.com/weaveworks/tf-controller (Go) Jul 14, 2023

JavaScript pre-processing can be used by the attacker to gain access to the file system (read...
High | Unreviewed | CVE-2023-29450 was published Jul 13, 2023

Apache Airflow information disclosure vulnerability
High | CVE-2022-46651 was published for apache-airflow (pip) Jul 12, 2023

Decidim vulnerable to sensitive data disclosure
High | CVE-2023-34090 was published for decidim (RubyGems) Jul 11, 2023

TeamPass information exposure vulnerability
High | CVE-2023-3553 was published for nilsteampassnet/teampass (Composer) Jul 8, 2023

Mattermost Server fails to redact the DB username and password before emitting an application log...
High | Unreviewed | CVE-2023-2514 was published Jul 6, 2023

league/oauth2-server key exposed in exception message when passing as a string and providing an invalid pass phrase
High | CVE-2023-37260 was published for league/oauth2-server (Composer) Jul 6, 2023

The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in...
High | Unreviewed | CVE-2023-28770 was published Jul 6, 2023

Mattermost fails to redact from audit logs the user password during user creation and the user...
High | Unreviewed | CVE-2023-1831 was published Jul 6, 2023

Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5...
High | Unreviewed | CVE-2023-22880 was published Jul 6, 2023

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that...
High | Unreviewed | CVE-2023-22611 was published Jul 6, 2023

Format string vulnerability in the distributed file system. Attackers who bypass the selinux...
High | Unreviewed | CVE-2023-37239 was published Jul 6, 2023

Vulnerability that a unique value can be obtained by a third-party app in the DSoftBus module....
High | Unreviewed | CVE-2022-48516 was published Jul 6, 2023

Unauthorized access vulnerability in the SystemUI module. Successful exploitation of this...
High | Unreviewed | CVE-2022-48520 was published Jul 6, 2023

Unauthorized access vulnerability in the SystemUI module. Successful exploitation of this...
High | Unreviewed | CVE-2022-48519 was published Jul 6, 2023
ProTip! Advisories are also available from the GraphQL API.