GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,640
Maven: 5,000+
npm: 4,265
NuGet: 760
pip: 4,060
Pub: 12
RubyGems: 956
Rust: 1,057
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
9,972 advisories
Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private...
High | Unreviewed | CVE-2021-30163 was published May 24, 2022

In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.)...
High | Unreviewed | CVE-2021-42893 was published Jun 4, 2022

Shopware contains sensitive data in backend customer module
Moderate | CVE-2022-36101 was published for shopware/shopware (Composer) Sep 16, 2022

In Octopus Deploy 2019.7.3 through 2019.7.9, in certain circumstances, an authenticated user with...
Moderate | Unreviewed | CVE-2019-15698 was published May 24, 2022

Exposure of Sensitive Information to an Unauthorized Actor in OpenStack tripleo-heat-templates
Moderate | CVE-2021-4180 was published for tripleo-heat-templates (pip) Mar 24, 2022

Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL...
Moderate | Unreviewed | CVE-2021-42568 was published May 24, 2022

Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote...
Moderate | Unreviewed | CVE-2021-20772 was published May 24, 2022

An issue was discovered in EXCELLENT INFOTEK CORPORATION (EIC) E-document System 3.0. A remote...
Moderate | Unreviewed | CVE-2021-34683 was published May 24, 2022

Thycotic Password Reset Server before 5.3.0 allows credential disclosure.
High | Unreviewed | CVE-2021-34679 was published May 24, 2022

IBM Control Desk 7.6.1 could allow a remote attacker to obtain sensitive information, caused by...
Moderate | Unreviewed | CVE-2022-22330 was published Sep 14, 2022

3D Viewer Information Disclosure Vulnerability
Moderate | Unreviewed | CVE-2021-31944 was published May 24, 2022

A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10...
Moderate | Unreviewed | CVE-2021-22213 was published May 24, 2022

IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to obtain...
Moderate | Unreviewed | CVE-2020-4732 was published May 24, 2022

Windows ActiveX Installer Service Information Disclosure Vulnerability
Moderate | Unreviewed | CVE-2021-26869 was published May 24, 2022

In Cloudera Data Engineering (CDE) 1.3.0, JWT authentication tokens are exposed to administrators...
Moderate | Unreviewed | CVE-2021-3167 was published May 24, 2022

In JetBrains YouTrack before 2020.6.8801, information disclosure in an issue preview was possible.
High | Unreviewed | CVE-2021-31905 was published May 24, 2022

An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 and 6.0 allows remote...
Moderate | Unreviewed | CVE-2020-23995 was published May 24, 2022

IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a...
Moderate | Unreviewed | CVE-2021-20564 was published May 24, 2022

Windows Backup Engine Information Disclosure Vulnerability
Moderate | Unreviewed | CVE-2021-24079 was published May 24, 2022

Windows DirectX Information Disclosure Vulnerability
Moderate | Unreviewed | CVE-2021-24106 was published May 24, 2022

Microsoft Teams iOS Information Disclosure Vulnerability
Moderate | Unreviewed | CVE-2021-24114 was published May 24, 2022

An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1...
Moderate | Unreviewed | CVE-2021-25238 was published May 24, 2022

An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1,...
Moderate | Unreviewed | CVE-2021-25239 was published May 24, 2022

The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware...
High | Unreviewed | CVE-2021-20092 was published May 24, 2022

BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information,...
Moderate | Unreviewed | CVE-2021-29247 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.