Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,058
Pub
12
RubyGems
956
Rust
1,056
Swift
45
Unreviewed advisories
All unreviewed
5,000+

9,971 advisories

Loading
Exposure of Sensitive Information to an Unauthorized Actor in Oracle MySQL Connectors Java Low
CVE-2017-3589 was published for mysql:mysql-connector-java (Maven) May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch Moderate
CVE-2018-17244 was published for org.elasticsearch:elasticsearch (Maven) May 13, 2022
bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain... Low Unreviewed
CVE-2015-3778 was published May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in DisCatSharp Moderate
CVE-2022-24849 was published for DisCatSharp (NuGet) Apr 22, 2022
A vulnerability in the XSI-Actions interface of Cisco BroadWorks Application Server could allow... Moderate Unreviewed
CVE-2021-1562 was published May 24, 2022
Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this... High Unreviewed
CVE-2010-1432 was published Apr 21, 2022
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions), Mendix... High Unreviewed
CVE-2022-27241 was published Apr 13, 2022
CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to access an iCloud... Moderate Unreviewed
CVE-2015-3782 was published May 17, 2022
Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read... Moderate Unreviewed
CVE-2015-3784 was published May 17, 2022
Argo CD will blindly trust JWT claims if anonymous access is enabled Critical
CVE-2022-29165 was published for github.com/argoproj/argo-cd (Go) May 24, 2022
Under certain conditions, SAP BusinessObjects Business Intelligence platform, Client Management... High Unreviewed
CVE-2022-27667 was published Apr 13, 2022
ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an... Moderate Unreviewed
CVE-2015-5782 was published May 17, 2022
Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5... Moderate Unreviewed
CVE-2022-27863 was published Apr 20, 2022
The kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly restrict the... Moderate Unreviewed
CVE-2015-3766 was published May 17, 2022
Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2... Low Unreviewed
CVE-2015-4537 was published May 17, 2022
Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <= 20220115 High Unreviewed
CVE-2022-27849 was published Apr 16, 2022
An issue was discovered in Amazon AWS VPN Client 2.0.0. It is possible to include a UNC path in... Moderate Unreviewed
CVE-2022-25166 was published Apr 15, 2022
An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which... High Unreviewed
CVE-2021-43287 was published Apr 15, 2022
IBM Aspera High-Speed Transfer 4.3.1 and earlier could allow an authenticated user to obtain... Moderate Unreviewed
CVE-2022-22391 was published Apr 15, 2022
FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows unauthenticated attackers to access and download... High Unreviewed
CVE-2022-26591 was published Apr 7, 2022
A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker... High Unreviewed
CVE-2021-20049 was published Dec 24, 2021
The CCAgent option 9.0.8.4 and earlier in the management server (aka TSA) component in Alcatel... Moderate Unreviewed
CVE-2010-3280 was published May 17, 2022
Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default... Moderate Unreviewed
CVE-2022-25245 was published Apr 6, 2022
Apperta Foundation OpenEyes 3.5.1 allows remote attackers to view the sensitive information of... Moderate Unreviewed
CVE-2021-40375 was published Apr 7, 2022
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in... Moderate Unreviewed
CVE-2021-43205 was published Apr 7, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database