Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

271 advisories

Loading
Jetty vulnerable to exposure of sensitive information to unauthenticated remote users High
CVE-2015-2080 was published for org.eclipse.jetty:jetty-server (Maven) Nov 9, 2018
Phoenix-ws source code and data in extensions folder is publicly available High
GHSA-c8f7-x2g7-7fxj was published for phoenix-ws (pip) Jun 2, 2022
Information disclosure in SSB-DB High
CVE-2020-4045 was published for ssb-db (npm) Jun 11, 2020
mixmix christianbundy
arj03 staltz cryptix
Information disclosure in parse-server High
CVE-2020-5251 was published for parse-server (npm) Mar 4, 2020
davimacedo
Github Token Leak in aegir High
CVE-2017-16225 was published for aegir (npm) Jul 24, 2018
Missing Origin Validation in parcel-bundler High
CVE-2018-14731 was published for parcel-bundler (npm) Oct 30, 2018
XML External Entity Injection in XStream High
CVE-2016-3674 was published for com.thoughtworks.xstream:xstream (Maven) Jun 30, 2020
Missing Origin Validation in browserify-hmr High
CVE-2018-14730 was published for browserify-hmr (npm) Sep 1, 2020
Exposure of Sensitive Information to an Unauthorized Actor in Hadoop High
CVE-2018-1296 was published for org.apache.hadoop:hadoop-main (Maven) Feb 12, 2019
Unauthorized File Access in atompm High
GHSA-v86x-f47q-f7f4 was published for atompm (npm) Sep 11, 2020
.NET Core Information Disclosure High
CVE-2018-8292 was published for System.Net.Http (NuGet) Apr 21, 2021
Exposure of server configuration in github.com/go-vela/server High
CVE-2020-26294 was published for github.com/go-vela/compiler (Go) Feb 15, 2022
matt-fevold wass3r
Lookup function information discolosure in helm High
CVE-2020-11013 was published for helm.sh/helm/v3 (Go) May 27, 2021
Any storage file can be downloaded from p.sh if full server path is known High
GHSA-2rh5-jvgx-pgw3 was published for ezsystems/ezplatform (Composer) Sep 14, 2021
Any storage file can be downloaded from p.sh if full server path is known High
GHSA-gqcf-83rq-gpfr was published for ibexa/post-install (Composer) Sep 14, 2021
Private files publicly accessible with Cloud Storage providers High
GHSA-vrf2-xghr-j52v was published for shopware/core (Composer) Jun 28, 2021
backup-agoddard and backup_checksum have Information Exposure vulnerability High
CVE-2014-4993 was published for backup-agoddard (RubyGems) May 14, 2022
Information disclosure issue in Active Resource High
CVE-2020-8151 was published for activeresource (RubyGems) May 21, 2020
Exposure of Sensitive Information to an Unauthorized Actor in foreman_fog_proxmox High
CVE-2021-20259 was published for foreman_fog_proxmox (RubyGems) Jun 10, 2021
kajam allows local users to obtain sensitive information by listing the process High
CVE-2014-4999 was published for kajam (RubyGems) May 14, 2022
lean-ruport allows local users to obtain sensitive information by listing the process High
CVE-2014-4998 was published for lean-ruport (RubyGems) May 14, 2022
point-cli allows local users to obtain sensitive information by listing the process High
CVE-2014-4997 was published for point-cli (RubyGems) May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in FreeTAKServer-UI High
CVE-2022-25512 was published for FreeTAKServer-UI (pip) Mar 12, 2022
Sylius PayPal Plugin allows unauthorized access to Credit card form, exposing payer name and not requiring 3DS High
CVE-2021-41120 was published for sylius/paypal-plugin (Composer) Oct 6, 2021
ProTip! Advisories are also available from the GraphQL API