Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

48 advisories

Loading
RCE in Symfony High
CVE-2020-15094 was published for symfony/http-kernel (Composer) Sep 2, 2020
mpdude stof
Buildah processes using chroot isolation may leak environment values to intermediate processes Moderate
CVE-2021-3602 was published for github.com/containers/buildah (Go) Jul 19, 2021
bburky
Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault Moderate
CVE-2021-38554 was published for github.com/hashicorp/vault (Go) Aug 30, 2021
Improper Removal of Sensitive Information Before Storage or Transfer in Apache Jackrabbit Oak High
CVE-2020-1940 was published for org.apache.jackrabbit:oak-core (Maven) Dec 10, 2021
Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects Moderate
CVE-2022-0536 was published for follow-redirects (npm) Feb 10, 2022
Exposure of information in Action Pack High
CVE-2022-23633 was published for actionpack (RubyGems) Feb 11, 2022
byroot
Jenkins Support Core Plugin stores sensitive data in plain text Moderate
CVE-2022-25187 was published for org.jenkins-ci.plugins:support-core (Maven) Feb 16, 2022
westonsteimel
Forwarding of confidentials headers to third parties in fluture-node Low
CVE-2022-24719 was published for fluture-node (npm) Mar 1, 2022
Improper Removal of Sensitive Information Before Storage or Transfer in irrd High
CVE-2022-24798 was published for irrd (pip) Apr 1, 2022
The Network Address Translation (NAT) capability for Netfilter ("iptables") 1.2.6a and earlier... Moderate Unreviewed
CVE-2002-0704 was published Apr 30, 2022
A design flaw in image processing software that modifies JPEG images might not modify the... Low Unreviewed
CVE-2005-0406 was published May 1, 2022
Exposure of sensitive system information due to uncleared debug information in firmware for some... Moderate Unreviewed
CVE-2021-33080 was published May 13, 2022
Sensitive information in resource not removed before reuse in firmware for some Intel(R) SSD and... Moderate Unreviewed
CVE-2021-33082 was published May 13, 2022
Exposure of Sensitive Information in eventsource Critical
CVE-2022-1650 was published for eventsource (npm) May 13, 2022
macwier veloek
dlannoye
A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable... Moderate Unreviewed
CVE-2018-1062 was published May 13, 2022
Improper Removal of Sensitive Information Before Storage or Transfer in Strapi High
CVE-2022-30618 was published for @strapi/strapi (npm) May 20, 2022
Improper Removal of Sensitive Information Before Storage or Transfer in Strapi High
CVE-2022-30617 was published for @strapi/strapi (npm) May 20, 2022
In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy... High Unreviewed
CVE-2019-11243 was published May 24, 2022
An issue was discovered in the Chat functionality of the TeamViewer desktop application 14.3.4730... Moderate Unreviewed
CVE-2019-19362 was published May 24, 2022
An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3... Moderate Unreviewed
CVE-2019-20637 was published May 24, 2022
An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without... Low Unreviewed
CVE-2020-11740 was published May 24, 2022
Broker Protocol messages in Teradici PCoIP Standard Agent for Windows and Graphics Agent for... Low Unreviewed
CVE-2020-13179 was published May 24, 2022
Improper removal of sensitive information before storage or transfer in some Intel(R) Processors... Moderate Unreviewed
CVE-2020-8696 was published May 24, 2022
Some websites have a feature "Show Password" where clicking a button will change a password field... Moderate Unreviewed
CVE-2020-26965 was published May 24, 2022
Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000... Moderate Unreviewed
CVE-2021-3031 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API