Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,826
Erlang
36
GitHub Actions
32
Go
2,426
Maven
5,000+
npm
4,058
NuGet
723
pip
3,848
Pub
12
RubyGems
934
Rust
1,006
Swift
38
Unreviewed advisories
All unreviewed
5,000+

9,730 advisories

Loading
IBM Spectrum Protect Operations Center 7.1, under special configurations, could allow a local... Moderate Unreviewed
CVE-2021-38901 was published Dec 14, 2021
An information disclosure vulnerability in the login page of Huntflow Enterprise before 3.10.4... High Unreviewed
CVE-2021-37935 was published Dec 11, 2021
Improper Removal of Sensitive Information Before Storage or Transfer in Apache Jackrabbit Oak High
CVE-2020-1940 was published for org.apache.jackrabbit:oak-core (Maven) Dec 10, 2021
A exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator... Moderate Unreviewed
CVE-2021-43067 was published Dec 9, 2021
An improper access control vulnerability in CPLC prior to SMR Dec-2021 Release 1 allows local... Low Unreviewed
CVE-2021-25519 was published Dec 9, 2021
Instance config inline secret exposure in Grafana Moderate
CVE-2021-41090 was published for github.com/grafana/agent (Go) Dec 8, 2021
There is a Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Huawei... High Unreviewed
CVE-2021-37067 was published Dec 8, 2021
An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. The bucket credentials... High Unreviewed
CVE-2021-43963 was published Dec 8, 2021
Mahavitaran android application 7.50 and prior transmit sensitive information in URL parameters.... Moderate Unreviewed
CVE-2020-27414 was published Dec 3, 2021
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to obtain sensitive information... Moderate Unreviewed
CVE-2021-39000 was published Dec 1, 2021
IBM MQ Appliance could allow a local attacker to obtain sensitive information by inclusion of... Moderate Unreviewed
CVE-2021-38999 was published Dec 1, 2021
The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A... High Unreviewed
CVE-2021-21980 was published Nov 25, 2021
There is an information leakage vulnerability in FusionCompute 6.5.1, eCNS280_TD V100R005C00 and... Moderate Unreviewed
CVE-2021-37036 was published Nov 24, 2021
There is a Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Huawei... High Unreviewed
CVE-2021-37010 was published Nov 24, 2021
Password exposure in concrete5/core Moderate
CVE-2021-22951 was published for concrete5/core (Composer) Nov 23, 2021
Exposure of sensitive information in concrete5/core Moderate
CVE-2021-22967 was published for concrete5/core (Composer) Nov 23, 2021
Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when... Moderate Unreviewed
CVE-2019-5640 was published Nov 23, 2021
Philips MRI 1.5T and MRI 3T Version 5.x.x exposes sensitive information to an actor not... Moderate Unreviewed
CVE-2021-42744 was published Nov 20, 2021
Information disclosure vulnerability in OnionShare Moderate
CVE-2021-41867 was published for onionshare-cli (pip) Nov 19, 2021
Rails Multisite secure/signed cookies share secrets between sites in a multi-site application Moderate
CVE-2021-41263 was published for rails_multisite (RubyGems) Nov 15, 2021
Unrestricted access to predictable file paths in hov/jobfair High
CVE-2021-43564 was published for hov/jobfair (Composer) Nov 15, 2021
Unauthorized access to data in @sap-cloud-sdk/core Moderate
CVE-2021-41251 was published for @sap-cloud-sdk/core (npm) Nov 10, 2021
johenning
Exposure of Sensitive Information to an Unauthorized Actor in Moodle Moderate
CVE-2020-25703 was published for moodle/moodle (Composer) Oct 21, 2021
Credential Disclosure in System.DirectoryServices.Protocols Moderate
CVE-2021-41355 was published for System.DirectoryServices.Protocols (NuGet) Oct 12, 2021
Exposure of Sensitive Information to an Unauthorized Actor in ansible High
CVE-2019-10217 was published for ansible (pip) Oct 12, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database