GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
6,768 advisories
The Futurio Extra WordPress plugin before 1.6.3 allowed any logged in user, even a subscriber,...
Moderate, Unreviewed. CVE-2021-25110 was published Feb 15, 2022

Exposure of Sensitive Information in snipe/snipe-it
Moderate. CVE-2022-0569 was published for snipe/snipe-it (Composer) Feb 15, 2022

Exposure of Sensitive Information to an Unauthorized Actor in pimcore
Moderate. CVE-2022-0565 was published for pimcore/pimcore (Composer) Feb 15, 2022

Exposure of Sensitive Information to an Unauthorized Actor in firmware for some Intel(R) PROSet...
Moderate, Unreviewed. CVE-2021-0166 was published Feb 11, 2022

Exposure of Sensitive Information to an Unauthorized Actor in firmware for some Intel(R) PROSet...
Moderate, Unreviewed. CVE-2021-0170 was published Feb 11, 2022

A high privileged user who has access to transaction SM59 can read connection details stored with...
Moderate, Unreviewed. CVE-2022-22545 was published Feb 11, 2022

S/4HANA Supplier Factsheet exposes the private address and bank details of an Employee Business...
Moderate, Unreviewed. CVE-2022-22542 was published Feb 11, 2022

The Keybase Clients for macOS and Windows before version 5.9.0 fails to properly remove exploded...
Moderate, Unreviewed. CVE-2022-22779 was published Feb 11, 2022

An information exposure vulnerability exists in the Palo Alto Networks GlobalProtect app on...
Moderate, Unreviewed. CVE-2022-0018 was published Feb 11, 2022

A vulnerability in the audit log of Cisco DNA Center could allow an authenticated, local attacker...
Moderate, Unreviewed. CVE-2022-20630 was published Feb 11, 2022

A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow...
Moderate, Unreviewed. CVE-2022-20680 was published Feb 11, 2022

Apache CXF JMX Integration is vulnerable to a MITM attack
Moderate. CVE-2020-1954 was published for org.apache.cxf:cxf-rt-management (Maven) Feb 10, 2022

AMD EPYC™ Processors contain an information disclosure vulnerability in the Secure Encrypted...
Moderate, Unreviewed. CVE-2020-12966 was published Feb 10, 2022

Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects
Moderate. CVE-2022-0536 was published for follow-redirects (npm) Feb 10, 2022

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
Moderate. CVE-2020-13943 was published for org.apache.tomcat:tomcat-coyote (Maven) Feb 9, 2022

Credentials bypass in Apache Druid
Moderate. CVE-2020-1958 was published for org.apache.druid:druid (Maven) Feb 9, 2022

Information exposure in xwiki-platform
Moderate. CVE-2022-23619 was published for org.xwiki.platform:xwiki-platform-web (Maven) Feb 9, 2022

Apache Hive Information Exposure and Observable Timing Discrepancy
Moderate. CVE-2020-1926 was published for org.apache.hive:hive (Maven) Feb 9, 2022

Unauthorized access to Class instance in Jinjava
Moderate. CVE-2020-12668 was published for com.hubspot.jinjava:jinjava (Maven) Feb 9, 2022

Hadoop token in temp file visible to all users in Apache Gobblin
Moderate. CVE-2021-36151 was published for org.apache.gobblin:gobblin-core (Maven) Feb 6, 2022

A CWE-200: Information Exposure vulnerability exists which could cause the troubleshooting...
Moderate, Unreviewed. CVE-2021-22815 was published Jan 29, 2022

Authenticated (admin+) Arbitrary File Download vulnerability discovered in Download Monitor...
Moderate, Unreviewed. CVE-2021-31567 was published Jan 29, 2022

An information disclosure vulnerability exists due to the hardcoded TLS key of reolink RLC-410W...
Moderate, Unreviewed. CVE-2022-21199 was published Jan 29, 2022

BuddyBoss Platform through 1.8.0 allows remote attackers to obtain the email address of each user...
Moderate, Unreviewed. CVE-2021-44692 was published Jan 27, 2022

IBM Security Guardium Insights 3.0 could allow a remote attacker to obtain sensitive information,...
Moderate, Unreviewed. CVE-2021-29838 was published Jan 27, 2022

ProTip! Advisories are also available from the GraphQL API.