GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
988 advisories
Filter by severity
Exposure of SSH credentials in Rancher/Fleet
Low
GHSA-wm2r-rp98-8pmh
was published
for
github.com/rancher/rancher
(Go)
Apr 27, 2022
Sensitive Data Exposure in loopback
Low
GHSA-724c-6vrf-99rq
was published
for
loopback
(npm)
Sep 2, 2020
Potential sensitive data exposure in applications using Vaadin 15
Low
GHSA-76f4-fw33-6j2v
was published
for
com.vaadin:vaadin-bom
(Maven)
Apr 19, 2021
datasette-graphql leaks details of the schema of private database files
Low
GHSA-74hv-qjjq-h7g5
was published
for
datasette-graphql
(pip)
Nov 24, 2020
Information exposure via query strings in URL
Low
GHSA-cq6h-w3mc-57f4
was published
for
shopware/core
(Composer)
Dec 21, 2020
User (Encrypted) Password Field Being Serialised
Low
GHSA-7fjp-g4m7-fx23
was published
for
pwweb/laravel-core
(Composer)
Apr 13, 2021
User enumeration in authentication mechanisms
Low
GHSA-g2qj-pmxm-9f8f
was published
for
symfony/security-http
(Composer)
May 17, 2021
User enumeration in authentication mechanisms
Low
GHSA-2frx-j9hj-6c65
was published
for
lexik/jwt-authentication-bundle
(Composer)
May 17, 2021
rest-client allows local users to obtain sensitive information by reading the log
Low
CVE-2015-3448
was published
for
rest-client
(RubyGems)
Oct 24, 2017
In createAdminSupportIntent of DevicePolicyManagerService.java, there is a possible way to...
Low
Unreviewed
CVE-2021-0983
was published
Dec 16, 2021
Linux kernel 2.6.33 and 2.6.34.y does not initialize the kvm_vcpu_events->interrupt.pad structure...
Low
Unreviewed
CVE-2010-4525
was published
May 17, 2022
HP Asset Manager 9.40 and 9.41 before 9.41.11103 P4-rev1 and 9.50 before 9.50.11925 P3 allows...
Low
Unreviewed
CVE-2015-5448
was published
May 17, 2022
The Citibank Citi Mobile app before 2.0.3 for iOS stores account data in a file, which allows...
Low
Unreviewed
CVE-2010-2913
was published
May 17, 2022
Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2...
Low
Unreviewed
CVE-2015-4537
was published
May 17, 2022
bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain...
Low
Unreviewed
CVE-2015-3778
was published
May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Oracle MySQL Connectors Java
Low
CVE-2017-3589
was published
for
mysql:mysql-connector-java
(Maven)
May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in JBoss Fuse
Low
CVE-2014-0085
was published
for
org.jboss.fuse:jboss-fuse
(Maven)
May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins-mailer-plugin
Low
CVE-2017-2651
was published
for
org.jenkins-ci.plugins:mailer
(Maven)
May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
Low
CVE-2017-2603
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
Low
CVE-2013-2071
was published
for
org.apache.tomcat:tomcat
(Maven)
May 17, 2022
Exposure of Sensitive Information in Find My Mobile prior to version 7.2.25.14 allows local...
Low
Unreviewed
CVE-2022-36878
was published
Sep 10, 2022
Improper Access Control vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.10.0...
Low
Unreviewed
CVE-2020-7262
was published
May 24, 2022
Tailscale daemon is vulnerable to information disclosure via CSRF
Low
CVE-2022-41925
was published
for
tailscale.com/cmd
(Go)
Nov 21, 2022
IBM Cloud Pak System 2.3 could allow a local user in some situations to view the artifacts of...
Low
Unreviewed
CVE-2021-20478
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API