Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,731
Maven
5,000+
npm
4,332
NuGet
763
pip
4,109
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,883 advisories

Loading
An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which... High Unreviewed
CVE-2021-43287 was published Apr 15, 2022
FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows unauthenticated attackers to access and download... High Unreviewed
CVE-2022-26591 was published Apr 7, 2022
A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker... High Unreviewed
CVE-2021-20049 was published Dec 24, 2021
It was observed that while login into Business-central console, HTTP request discloses sensitive... High Unreviewed
CVE-2019-14839 was published Apr 3, 2022
The Booking Package WordPress plugin before 1.5.29 requires a token for exporting the ical... High Unreviewed
CVE-2022-0709 was published Apr 5, 2022
The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A... High Unreviewed
CVE-2021-21980 was published Nov 25, 2021
The Reporting module in Aseco Lietuva document management system DVS Avilys before 2022-03-10... High Unreviewed
CVE-2022-27192 was published Mar 25, 2022
Bluedon Information Security Technologies Co.,Ltd Internet Access Detector v1.0 was discovered to... High Unreviewed
CVE-2022-25571 was published Mar 25, 2022
Sylius PayPal Plugin allows unauthorized access to Credit card form, exposing payer name and not requiring 3DS High
CVE-2021-41120 was published for sylius/paypal-plugin (Composer) Oct 6, 2021
An information disclosure vulnerability exists due to a web server misconfiguration in the... High Unreviewed
CVE-2022-21236 was published Jan 29, 2022
The BlackBerry PlayBook service on the Research In Motion (RIM) BlackBerry PlayBook tablet with... High Unreviewed
CVE-2011-0291 was published May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in FreeTAKServer-UI High
CVE-2022-25512 was published for FreeTAKServer-UI (pip) Mar 12, 2022
point-cli allows local users to obtain sensitive information by listing the process High
CVE-2014-4997 was published for point-cli (RubyGems) May 14, 2022
VladTheEnterprising allows local users to obtain sensitive information by reading MySQL root password from temporary file High
CVE-2014-4995 was published for VladTheEnterprising (RubyGems) May 14, 2022
lean-ruport allows local users to obtain sensitive information by listing the process High
CVE-2014-4998 was published for lean-ruport (RubyGems) May 14, 2022
kajam allows local users to obtain sensitive information by listing the process High
CVE-2014-4999 was published for kajam (RubyGems) May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in foreman_fog_proxmox High
CVE-2021-20259 was published for foreman_fog_proxmox (RubyGems) Jun 10, 2021
backup-agoddard and backup_checksum have Information Exposure vulnerability High
CVE-2014-4993 was published for backup-agoddard (RubyGems) May 14, 2022
Private files publicly accessible with Cloud Storage providers High
GHSA-vrf2-xghr-j52v was published for shopware/core (Composer) Jun 28, 2021
Any storage file can be downloaded from p.sh if full server path is known High
GHSA-gqcf-83rq-gpfr was published for ibexa/post-install (Composer) Sep 14, 2021
Any storage file can be downloaded from p.sh if full server path is known High
GHSA-2rh5-jvgx-pgw3 was published for ezsystems/ezplatform (Composer) Sep 14, 2021
Lookup function information discolosure in helm High
CVE-2020-11013 was published for helm.sh/helm/v3 (Go) May 27, 2021
Exposure of server configuration in github.com/go-vela/server High
CVE-2020-26294 was published for github.com/go-vela/compiler (Go) Feb 15, 2022
matt-fevold wass3r
Credited to matt-fevold and wass3r
.NET Core Information Disclosure High
CVE-2018-8292 was published for System.Net.Http (NuGet) Apr 21, 2021
Unauthorized File Access in atompm High
GHSA-v86x-f47q-f7f4 was published for atompm (npm) Sep 11, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database