GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,239
Erlang: 31
GitHub Actions: 21
Go: 2,007
Maven: 5,000+
npm: 3,716
NuGet: 662
pip: 3,388
Pub: 11
RubyGems: 885
Rust: 851
Swift: 36

Unreviewed advisories
All unreviewed: 5,000+
1,644 advisories
Crysis 1.21 and earlier allows remote attackers to obtain sensitive player information such as...
High | Unreviewed | CVE-2008-6737 was published May 17, 2022

When installed following the default/recommended settings, TCExam <= 14.8.1 allowed...
High | Unreviewed | CVE-2021-20114 was published May 24, 2022

Primary Source Verification in VerityStream MSOW Solutions before 3.1.1 allows an anonymous...
High | Unreviewed | CVE-2021-32077 was published May 24, 2022

The ABUS Secvest wireless alarm system FUAA50000 (v3.01.17) fails to properly authenticate some...
High | Unreviewed | CVE-2020-28973 was published May 24, 2022

IBM Cloud Pak for Applications 4.3 could disclose sensitive information to a malicious attacker...
High | Unreviewed | CVE-2021-20422 was published May 24, 2022

Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager...
High | Unreviewed | CVE-2021-22506 was published May 24, 2022

Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private...
High | Unreviewed | CVE-2021-30163 was published May 24, 2022

In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.)...
High | Unreviewed | CVE-2021-42893 was published Jun 4, 2022

Thycotic Password Reset Server before 5.3.0 allows credential disclosure.
High | Unreviewed | CVE-2021-34679 was published May 24, 2022

In JetBrains YouTrack before 2020.6.8801, information disclosure in an issue preview was possible.
High | Unreviewed | CVE-2021-31905 was published May 24, 2022

The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware...
High | Unreviewed | CVE-2021-20092 was published May 24, 2022

SAP NetWeaver Master Data Management, versions - 710, 710.750, allows a malicious unauthorized...
High | Unreviewed | CVE-2021-21482 was published May 24, 2022

Server for NFS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-31975.
High | Unreviewed | CVE-2021-31976 was published May 24, 2022

Improper Input Validation in Undertow
High | CVE-2020-1757 was published for io.undertow:undertow-core (Maven) May 24, 2022

An information disclosure vulnerability was discovered in alipay_function.php in the log file of...
High | Unreviewed | CVE-2020-23768 was published May 24, 2022

IBM Planning Analytics Local 2.0 could allow an attacker to obtain sensitive information due to...
High | Unreviewed | CVE-2020-4985 was published May 24, 2022

An information disclosure issue exists in henriquedornas 5.2.17 because an attacker can dump...
High | Unreviewed | CVE-2021-26939 was published May 24, 2022

Windows SMB Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-28325.
High | Unreviewed | CVE-2021-28324 was published May 24, 2022

Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies...
High | Unreviewed | CVE-2021-3113 was published May 24, 2022

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBW30...
High | Unreviewed | CVE-2021-29082 was published May 24, 2022

Windows Remote Procedure Call Information Disclosure Vulnerability
High | Unreviewed | CVE-2021-1734 was published May 24, 2022

Exposure of Sensitive Information in System.Net.Http
High | CVE-2019-0545 was published for Microsoft.NETCore.App (NuGet) May 14, 2022

Exposure of Sensitive Information to an Unauthorized Actor in Apache Sling Servlets Post
High | CVE-2016-0956 was published for org.apache.sling:org.apache.sling.servlets.post (Maven) May 14, 2022

BigBlueButton before 2.2.5 allows remote attackers to obtain sensitive files via Local File...
High | Unreviewed | CVE-2020-12112 was published May 24, 2022

Exposure of Sensitive Information to an Unauthorized Actor in Apache Directory LDAP API
High | CVE-2015-3250 was published for org.apache.directory.api:api-ldap-model (Maven) May 17, 2022

ProTip! Advisories are also available from the GraphQL API