GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,874 advisories
In Garmin Connect 4.61, terminating a LiveTrack session wouldn't prevent the LiveTrack API from...
High | Unreviewed | CVE-2022-46081 was published on Jan 4, 2023
A vulnerability classified as problematic has been found in ethitter WP-Print-Friendly up to 0.5...
High | Unreviewed | CVE-2013-10007 was published on Jan 3, 2023
In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to...
High | Unreviewed | CVE-2022-3460 was published on Jan 3, 2023
If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the...
High | Unreviewed | CVE-2022-45414 was published on Dec 22, 2022
The TelephonyProvider module has a vulnerability in obtaining values. Successful exploitation of...
High | Unreviewed | CVE-2022-46310 was published on Dec 20, 2022
"Newsletter subscriber management" (fp_newsletter) TYPO3 extension leaks subscriber data
High | CVE-2022-47410 was published for fixpunkt/fp-newsletter (Composer) on Dec 14, 2022
"Newsletter subscriber management" (fp_newsletter) TYPO3 extension leaks subscriber data
High | CVE-2022-47411 was published for fixpunkt/fp-newsletter (Composer) on Dec 14, 2022
A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE...
High | Unreviewed | CVE-2022-46355 was published on Dec 13, 2022
Apache CXF vulnerable to Exposure of Sensitive Information
High | CVE-2022-46363 was published for org.apache.cxf:cxf-core (Maven) on Dec 13, 2022
Craft CMS discloses password hashes
High | CVE-2022-37783 was published for craftcms/cms (Composer) on Dec 5, 2022
The Clerk WordPress plugin before 4.0.0 is affected by time-based attacks in the validation...
High | Unreviewed | CVE-2022-3907 was published on Dec 5, 2022
The Syncee WordPress plugin before 1.0.10 leaks the administrator token that can be used to take...
High | Unreviewed | CVE-2022-3694 was published on Dec 5, 2022
A vulnerability, which was classified as problematic, has been found in Dot Tech Smart Campus...
High | Unreviewed | CVE-2022-4280 was published on Dec 3, 2022
An issue was discovered in asith-eranga ISIC tour booking through version published on Feb 13th...
High | Unreviewed | CVE-2022-28607 was published on Dec 1, 2022
A vulnerability classified as problematic has been found in SourceCodester Book Store Management...
High | Unreviewed | CVE-2022-4228 was published on Nov 30, 2022
Password exposure in H2 Database
High | CVE-2022-45868 was published for com.h2database:h2 (Maven) on Nov 23, 2022
The DeepL Pro API translation plugin WordPress plugin before 1.7.5 discloses sensitive...
High | Unreviewed | CVE-2022-3691 was published on Nov 21, 2022
Apache Archiva vulnerable to Sensitive Information Disclosure via anonymous user
High | CVE-2022-40308 was published for org.apache.archiva:archiva-common (Maven) on Nov 15, 2022
The Netic User Export add-on before 1.3.5 for Atlassian Confluence has the functionality to...
High | Unreviewed | CVE-2022-42977 was published on Nov 15, 2022
Apache Airflow subject to Exposure of Sensitive Information
High | CVE-2022-27949 was published for apache-airflow (pip) on Nov 14, 2022
ezplatform-graphql GraphQL queries can expose password hashes
High | CVE-2022-41876 was published for ezsystems/ezplatform-graphql (Composer) on Nov 10, 2022
Broken access controls on PDFtron data in M-Files Hubshare before 3.3.11.3 allows unauthenticated...
High | Unreviewed | CVE-2022-39018 was published on Nov 1, 2022
IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to access sensitive information via...
High | Unreviewed | CVE-2022-43366 was published on Oct 27, 2022
Yordam Library Information Document Automation product before version 19.02 has an...
High | Unreviewed | CVE-2021-45475 was published on Oct 27, 2022
Aethon TUG Home Base Server versions prior to version 24 are affected by an unauthenticated...
High | Unreviewed | CVE-2022-26423 was published on Oct 21, 2022
ProTip! Advisories are also available from the GraphQL API.