GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,636
Maven: 5,000+
npm: 4,262
NuGet: 760
pip: 4,057
Pub: 12
RubyGems: 956
Rust: 1,054
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
1,874 advisories
IBM QRadar Network Security 5.4.0 and 5.5.0 discloses sensitive information to unauthorized users... (High, Unreviewed): CVE-2020-4159 was published on Jul 13, 2022
Valinor error messages leading to potential data exfiltration before v0.12.0 (High): CVE-2022-31140 was published for cuyz/valinor (Composer) on Jul 12, 2022
Protected fields exposed via LiveQuery (High): CVE-2022-31112 was published for parse-server (npm) on Jul 6, 2022
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the... (High, Unreviewed): CVE-2022-33742 was published on Jul 6, 2022
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the... (High, Unreviewed): CVE-2022-33740 was published on Jul 6, 2022
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the... (High, Unreviewed): CVE-2022-26365 was published on Jul 6, 2022
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the... (High, Unreviewed): CVE-2022-33741 was published on Jul 6, 2022
Change in port should be considered a change in origin (High): CVE-2022-31091 was published for guzzlehttp/guzzle (Composer) on Jun 21, 2022
CURLOPT_HTTPAUTH option not cleared on change of origin (High): CVE-2022-31090 was published for guzzlehttp/guzzle (Composer) on Jun 21, 2022
A vulnerability in the web management interface of Cisco Secure Email and Web Manager, formerly... (High, Unreviewed): CVE-2022-20664 was published on Jun 16, 2022
NocoDB information disclosure vulnerability (High): CVE-2022-2062 was published for nocodb (npm) on Jun 14, 2022
The Log WP_Mail WordPress plugin through 0.1 saves sent email in a publicly accessible directory... (High, Unreviewed): CVE-2022-1412 was published on Jun 14, 2022
Couchbase Server 5.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized... (High, Unreviewed): CVE-2022-32192 was published on Jun 14, 2022
Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that... (High, Unreviewed): CVE-2022-30556 was published on Jun 10, 2022
A vulnerability, which was classified as problematic, has been found in Axios Italia Axios RE 1.7... (High, Unreviewed): CVE-2019-25069 was published on Jun 10, 2022
A vulnerability has been found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as... (High, Unreviewed): CVE-2017-20022 was published on Jun 10, 2022
Failure to strip the Cookie header on change in host or HTTP downgrade (High): CVE-2022-31042 was published for guzzlehttp/guzzle (Composer) on Jun 9, 2022
Fix failure to strip Authorization header on HTTP downgrade (High): CVE-2022-31043 was published for guzzlehttp/guzzle (Composer) on Jun 9, 2022
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to the use of an... (High, Unreviewed): CVE-2022-28382 was published on Jun 9, 2022
In specific circumstances, trace file buffers in GitLab Runner versions up to 14.3.4, 14.4 to 14... (High, Unreviewed): CVE-2021-39947 was published on Jun 7, 2022
TOTOLINK EX1200T V4.1.2cu.5215 contains an information disclosure vulnerability where an attacker... (High, Unreviewed): CVE-2021-42886 was published on Jun 4, 2022
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.)... (High, Unreviewed): CVE-2021-42891 was published on Jun 4, 2022
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey,... (High, Unreviewed): CVE-2021-42889 was published on Jun 4, 2022
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.)... (High, Unreviewed): CVE-2021-42893 was published on Jun 4, 2022
ProTip! Advisories are also available from the GraphQL API