GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
57 advisories
Filter by severity
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16...
Low
Unreviewed
CVE-2023-5831
was published
Nov 6, 2023
An information disclosure vulnerability exists in the CtEnumCa() functionality of SoftEther VPN 4...
Moderate
Unreviewed
CVE-2023-32275
was published
Oct 12, 2023
An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8,...
High
Unreviewed
CVE-2023-3413
was published
Sep 29, 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16...
Moderate
Unreviewed
CVE-2023-4378
was published
Sep 1, 2023
An issue has been discovered in GitLab EE affecting all versions starting from 14.1 before 16.0.8...
Moderate
Unreviewed
CVE-2023-4002
was published
Aug 4, 2023
An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29...
Moderate
Unreviewed
CVE-2023-1401
was published
Jul 26, 2023
A sensitive information leak issue has been discovered in GitLab EE affecting all versions...
Moderate
Unreviewed
CVE-2023-3102
was published
Jul 21, 2023
Nomad Caller ACL Token’s Secret ID is Exposed to Sentinel
Low
CVE-2023-3299
was published
for
github.com/hashicorp/nomad
(Go)
Jul 20, 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to...
Low
Unreviewed
CVE-2023-2620
was published
Jul 13, 2023
Vaadin vulnerable to possible information disclosure in non visible components.
Moderate
CVE-2023-25499
was published
for
com.vaadin:flow-server
(Maven)
Jun 22, 2023
An issue has been discovered in GitLab EE affecting all versions starting from 15.7 before 15.10...
Moderate
Unreviewed
CVE-2023-1825
was published
Jun 7, 2023
Answer vulnerable to Insertion of Sensitive Information Into Sent Data
Moderate
CVE-2023-1975
was published
for
github.com/answerdev/answer
(Go)
Apr 11, 2023
Sentry SDK leaks sensitive session information when `sendDefaultPII` is set to `True`
High
CVE-2023-28117
was published
for
sentry-sdk
(pip)
Mar 21, 2023
A vulnerability was found in the Linux kernel, where accessing a deallocated instance in...
Moderate
Unreviewed
CVE-2020-27784
was published
Sep 2, 2022
libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided...
Moderate
Unreviewed
CVE-2022-27779
was published
Jun 3, 2022
A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling...
Moderate
Unreviewed
CVE-2020-27748
was published
May 24, 2022
A vulnerability in the CLI parser of Cisco IOS XR Software could allow an authenticated, local...
Moderate
Unreviewed
CVE-2021-1128
was published
May 24, 2022
A vulnerability in the authentication for the general purpose APIs implementation of Cisco...
Moderate
Unreviewed
CVE-2021-1129
was published
May 24, 2022
When user downloads PGP or S/MIME keys/certificates, exported file has same name for private and...
Moderate
Unreviewed
CVE-2020-1774
was published
May 24, 2022
Support bundle generated files could contain sensitive information that might be unwanted to be...
Moderate
Unreviewed
CVE-2020-1770
was published
May 24, 2022
An information exposure vulnerability exists in gitlab.com <v12.3.2, <v12.2.6, and <v12.1.10 when...
Moderate
Unreviewed
CVE-2019-15580
was published
May 24, 2022
A vulnerability was found in 3scale before version 2.6, did not set the HTTPOnly attribute on the...
Moderate
Unreviewed
CVE-2019-14849
was published
May 24, 2022
A CSRF token visible in the URL may possibly lead to information disclosure vulnerability.
Moderate
Unreviewed
CVE-2022-27671
was published
Apr 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor and Insertion of Sensitive Information Into Sent Data in Calico
Moderate
CVE-2020-13597
was published
for
github.com/projectcalico/calico
(Go)
Feb 15, 2022
Potential sensitive information disclosed in error reports
Low
CVE-2021-21416
was published
for
django-registration
(pip)
Apr 6, 2021
ProTip!
Advisories are also available from the
GraphQL API