GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
306 advisories
Filter by severity
SonicWall Email Security contains a vulnerability that could permit a remote unauthenticated...
Moderate
Unreviewed
CVE-2023-0655
was published
Feb 14, 2023
Wyse Management Suite Repository 3.8 and below contain an information disclosure vulnerability. A...
Moderate
Unreviewed
CVE-2022-46675
was published
Feb 11, 2023
Alotcer - AR7088H-A firmware version 16.10.3 Information disclosure. Unspecified error message...
Moderate
Unreviewed
CVE-2022-46371
was published
Jan 12, 2023
PgHero Allows Information Disclosure Through EXPLAIN Feature
High
CVE-2023-22626
was published
for
pghero
(RubyGems)
Jan 5, 2023
FrameworkUserBundle Generates Error Message Containing Sensitive Information
High
CVE-2015-10012
was published
for
sumocoders/framework-user-bundle
(Composer)
Jan 3, 2023
IBM Security Verify Governance, Identity Manager 10.01 could allow a remote attacker to obtain...
Moderate
Unreviewed
CVE-2022-22449
was published
Dec 24, 2022
When importing resources using Web Workers, error messages would distinguish the difference...
Moderate
Unreviewed
CVE-2022-22760
was published
Dec 22, 2022
ghinstallation returns app JWT in error responses
Moderate
CVE-2022-39304
was published
for
github.com/bradleyfalzon/ghinstallation
(Go)
Dec 19, 2022
Generation of Error Message Containing Sensitive Information vulnerability in Hitachi JP1...
Low
Unreviewed
CVE-2022-34881
was published
Dec 6, 2022
The application allowed for Unauthenticated User Enumeration by interacting with an unsecured...
Moderate
Unreviewed
CVE-2022-40292
was published
Nov 1, 2022
Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0, when Compilation Mode is used, allows an...
Critical
Unreviewed
CVE-2021-42777
was published
Oct 29, 2022
In affected versions of Octopus Server it is possible to reveal the existence of resources in a...
Moderate
Unreviewed
CVE-2022-2508
was published
Oct 27, 2022
Sensitive information could be displayed when a detailed technical error message is posted. This...
Moderate
Unreviewed
CVE-2022-38107
was published
Oct 20, 2022
Kirby CMS vulnerable to user enumeration in the brute force protection
Moderate
CVE-2022-39315
was published
for
getkirby/cms
(Composer)
Oct 18, 2022
In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the...
Moderate
Unreviewed
CVE-2022-2760
was published
Sep 29, 2022
Information Exposure Through an Error Message vulnerability in Hitachi RAID Manager Storage...
Moderate
Unreviewed
CVE-2022-34882
was published
Sep 7, 2022
Incorrect implementation of lockout feature in Keycloak
High
CVE-2021-3513
was published
for
org.keycloak:keycloak-parent
(Maven)
Aug 23, 2022
IBM Sterling File Gateway 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6...
Moderate
Unreviewed
CVE-2021-39086
was published
Aug 17, 2022
Dell Wyse Management Suite 3.6.1 and below contains Information Disclosure in Devices error pages...
High
Unreviewed
CVE-2022-33930
was published
Aug 11, 2022
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive...
High
Unreviewed
CVE-2022-35715
was published
Aug 11, 2022
JSPUI's "Internal System Error" page prints exceptions and stack traces without sanitization
Moderate
CVE-2022-31189
was published
for
org.dspace:dspace-jspui
(Maven)
Aug 6, 2022
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could...
Moderate
Unreviewed
CVE-2021-39018
was published
Jul 15, 2022
Valinor error messages leading to potential data exfiltration before v0.12.0
High
CVE-2022-31140
was published
for
cuyz/valinor
(Composer)
Jul 12, 2022
Possible leak of key's raw field if declared length is incorrect
Moderate
CVE-2022-31124
was published
for
openssh-key-parser
(pip)
Jul 6, 2022
Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information...
Moderate
Unreviewed
CVE-2022-31229
was published
Jun 29, 2022
ProTip!
Advisories are also available from the
GraphQL API