GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
994 advisories
Exposure of Sensitive Information to an Unauthorized Actor in Apache hive
Low | CVE-2018-1284 was published for org.apache.hive:hive (Maven) | Nov 21, 2018

Potential leakage of Sentry auth tokens by React Native SDK with Expo plugin
Low | GHSA-68c2-4mpx-qh95 was published for @sentry/react-native (npm) | Mar 1, 2024

phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish...
Low | Unreviewed | CVE-2008-1567 was published | May 1, 2022

Undici's cookie header not cleared on cross-origin redirect in fetch
Low | CVE-2023-45143 was published for undici (npm) | Oct 16, 2023

Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management...
Low | Unreviewed | CVE-2024-1591 was published | Feb 16, 2024

Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for...
Low | Unreviewed | CVE-2005-4868 was published | May 1, 2022

Apache Tomcat information disclosure vulnerability
Low | CVE-2008-4308 was published for org.apache.tomcat:tomcat (Maven) | May 2, 2022

Information disclosure of source code in SimpleSAMLphp
Low | CVE-2020-5301 was published for simplesamlphp/simplesamlphp (Composer) | Apr 22, 2020

Moodle's login_as feature leaks information from external repositories
Low | CVE-2013-1835 was published for moodle/moodle (Composer) | May 13, 2022

An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual...
Low | Unreviewed | CVE-2020-12880 was published | May 24, 2022

OWASP HTML Sanitizer allows redirecting to an arbitrary URL when JavaScript is disabled
Low | CVE-2011-4457 was published for com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer (Maven) | May 17, 2022

IBM QRadar SIEM 7.5 could disclose sensitive email information in responses from offense rules. ...
Low | Unreviewed | CVE-2023-50950 was published | Jan 17, 2024

Typo3 Backend Configuration XSS Vulnerability
Low | CVE-2012-3529 was published for typo3/cms (Composer) | May 17, 2022

SMTP misconfiguration leading to "Forgot Password" exploit that leaks registered user email.
Low | CVE-2023-49274 was published for Umbraco.CMS (NuGet) | Dec 13, 2023

Brute force exploit can be used to collect valid usernames
Low | CVE-2023-49278 was published for Umbraco.CMS (NuGet) | Dec 13, 2023

An information disclosure vulnerability exists when the Windows WaasMedic Service improperly...
Low | Unreviewed | CVE-2020-1548 was published | May 24, 2022

An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service...
Low | Unreviewed | CVE-2020-1485 was published | May 24, 2022

An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access...
Low | Unreviewed | CVE-2020-1383 was published | May 24, 2022

An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service...
Low | Unreviewed | CVE-2020-1474 was published | May 24, 2022

An information disclosure vulnerability exists on ARM implementations that use speculative...
Low | Unreviewed | CVE-2020-1459 was published | May 24, 2022

Magento information disclosure vulnerability
Low | CVE-2020-24406 was published for magento/community-edition (Composer) | May 24, 2022

Magento Information Disclosure vulnerability
Low | CVE-2021-28566 was published for magento/community-edition (Composer) | May 24, 2022

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Engine Advanced...
Low | Unreviewed | CVE-2022-40696 was published | Jan 9, 2024

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker...
Low | Unreviewed | CVE-2020-1578 was published | May 24, 2022