GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+
6,030 advisories
Filter by severity
Mahavitaran android application 7.50 and prior transmit sensitive information in URL parameters....
Moderate
Unreviewed
CVE-2020-27414
was published
Dec 3, 2021
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to obtain sensitive information...
Moderate
Unreviewed
CVE-2021-39000
was published
Dec 1, 2021
IBM MQ Appliance could allow a local attacker to obtain sensitive information by inclusion of...
Moderate
Unreviewed
CVE-2021-38999
was published
Dec 1, 2021
There is an information leakage vulnerability in FusionCompute 6.5.1, eCNS280_TD V100R005C00 and...
Moderate
Unreviewed
CVE-2021-37036
was published
Nov 24, 2021
Password exposure in concrete5/core
Moderate
CVE-2021-22951
was published
for
concrete5/core
(Composer)
Nov 23, 2021
Exposure of sensitive information in concrete5/core
Moderate
CVE-2021-22967
was published
for
concrete5/core
(Composer)
Nov 23, 2021
Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when...
Moderate
Unreviewed
CVE-2019-5640
was published
Nov 23, 2021
Philips MRI 1.5T and MRI 3T Version 5.x.x exposes sensitive information to an actor not...
Moderate
Unreviewed
CVE-2021-42744
was published
Nov 20, 2021
Information disclosure vulnerability in OnionShare
Moderate
CVE-2021-41867
was published
for
onionshare-cli
(pip)
Nov 19, 2021
Rails Multisite secure/signed cookies share secrets between sites in a multi-site application
Moderate
CVE-2021-41263
was published
for
rails_multisite
(RubyGems)
Nov 15, 2021
Unauthorized access to data in @sap-cloud-sdk/core
Moderate
CVE-2021-41251
was published
for
@sap-cloud-sdk/core
(npm)
Nov 10, 2021
Exposure of Sensitive Information to an Unauthorized Actor in Moodle
Moderate
CVE-2020-25703
was published
for
moodle/moodle
(Composer)
Oct 21, 2021
Credential Disclosure in System.DirectoryServices.Protocols
Moderate
CVE-2021-41355
was published
for
System.DirectoryServices.Protocols
(NuGet)
Oct 12, 2021
Exposure of Sensitive Information to an Unauthorized Actor in ansible
Moderate
CVE-2019-10217
was published
for
ansible
(pip)
Oct 12, 2021
Scrapy HTTP authentication credentials potentially leaked to target websites
Moderate
CVE-2021-41125
was published
for
Scrapy
(pip)
Oct 6, 2021
Exposure of Sensitive Information in keycloak
Moderate
CVE-2020-1744
was published
for
org.keycloak:keycloak-core
(Maven)
Sep 20, 2021
matrix-js-sdk can be tricked into disclosing E2EE room keys to a participating homeserver
Moderate
CVE-2021-40823
was published
for
matrix-js-sdk
(npm)
Sep 14, 2021
Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2021-32716
was published
for
shopware/platform
(Composer)
Sep 8, 2021
Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2021-32712
was published
for
shopware/shopware
(Composer)
Sep 8, 2021
Improper Certificate Handling
Moderate
CVE-2020-9321
was published
for
github.com/traefik/traefik
(Go)
Sep 2, 2021
Insertion of Sensitive Information into Externally-Accessible File or Directory and Exposure of Sensitive Information to an Unauthorized Actor in hbs
Moderate
CVE-2021-32822
was published
for
hbs
(npm)
Sep 2, 2021
Exposed phpinfo() leadked via documentation files
Moderate
CVE-2021-37704
was published
for
phpfastcache/phpfastcache
(Composer)
Aug 30, 2021
Incorrect Access Control in Nacos
Moderate
CVE-2020-19676
was published
for
com.alibaba.nacos:nacos-common
(Maven)
Aug 2, 2021
Privilege escalation: all users can access Admin-level API keys
Moderate
CVE-2021-39192
was published
for
ghost
(npm)
Jul 22, 2021
Buildah processes using chroot isolation may leak environment values to intermediate processes
Moderate
CVE-2021-3602
was published
for
github.com/containers/buildah
(Go)
Jul 19, 2021
ProTip!
Advisories are also available from the
GraphQL API