Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

628 advisories

Loading
Argo CD does not scrub secret values from patch errors Moderate
CVE-2025-23216 was published for github.com/argoproj/argo-cd (Go) Jan 30, 2025
svghadi
Deno vulnerable to Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2024-21486 was published for deno (Rust) Jun 5, 2025
cristianstaicu vdata1
Liferay Portal and Liferay DXP May Reveal S3 Store's Proxy Password Moderate
CVE-2021-29043 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Rancher's SAML-based login via CLI can be denied by unauthenticated users Moderate
CVE-2025-23387 was published for github.com/rancher/rancher (Go) Feb 27, 2025
AnonySE26
Grafana Alerting VictorOps integration could be exposed to users with Viewer permission Moderate
CVE-2024-11741 was published for github.com/grafana/grafana (Go) Jan 31, 2025
Apache IoTDB JDBC Driver Discloses Sensitive Information via Log Files Moderate
CVE-2025-26795 was published for org.apache.iotdb:iotdb-jdbc (Maven) May 14, 2025
AnonySE26
Moodle sensitive information disclosure Moderate
CVE-2015-5340 was published for moodle/moodle (Composer) May 13, 2022
decsecre583
TunnelVision - decloaking VPNs using DHCP Moderate
GHSA-hqmp-g7ph-x543 was published for quincy (Rust) Dec 27, 2024
Apache IoTDB Discloses Sensitive Information via Log Files Moderate
CVE-2025-26864 was published for org.apache.iotdb:node-commons (Maven) May 14, 2025
MantisBT vulnerable to information disclosure with user profiles Moderate
CVE-2024-45792 was published for mantisbt/mantisbt (Composer) Sep 30, 2024
c-schmitz dregad
Liferay Portal and Liferay DXP Fails to Sanitize API Data Moderate
CVE-2020-13444 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Invalid HTTP requests in Reactor Netty HTTP Server may reveal access tokens Moderate
CVE-2022-31684 was published for io.projectreactor.netty:reactor-netty-http (Maven) Oct 20, 2022
Moodle vulnerable to Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2013-4522 was published for moodle/moodle (Composer) May 13, 2022
AnonySE26
Information Disclosure via Flags override link Moderate
CVE-2025-46332 was published for @vercel/flags (npm) May 2, 2025
Moderate severity vulnerability that affects rails Moderate
CVE-2007-5379 was published for rails (RubyGems) Oct 24, 2017
katzj
Rails has possible Sensitive Session Information Leak in Active Storage Moderate
CVE-2024-26144 was published for activestorage (RubyGems) Feb 27, 2024
yoshizawa-masatoshi tyage
postmodern
Vite allows server.fs.deny to be bypassed with .svg or relative paths Moderate
CVE-2025-31486 was published for vite (npm) Apr 4, 2025
HSwift Iuhsssss
kikayli sw0rd1ight do9gy-msec Onetpaer
Moodle reveals student identities through assignment submissions search on anonymous submissions Moderate
CVE-2025-3628 was published for moodle/moodle (Composer) Apr 25, 2025
Apache Wicket allows attackers to check for third-party libraries Moderate
CVE-2014-0043 was published for org.apache.wicket:wicket-core (Maven) May 17, 2022
Umbraco Allows User Enumeration Feasible Based On Management API Timing and Response Codes Moderate
CVE-2025-24011 was published for Umbraco.Cms (NuGet) Jan 21, 2025
Hashicorp Nomad Information Exposure Through Environmental Variables Moderate
CVE-2019-14802 was published for github.com/hashicorp/nomad (Go) Feb 15, 2022
tdunlap607
Typo3 Information Disclosure Moderate
CVE-2014-3946 was published for typo3/cms (Composer) May 17, 2022
Pillow Temporary file name leakage Moderate
CVE-2014-1933 was published for Pillow (pip) May 18, 2020
Front End User Registration (sr_feuser_register) extension for TYPO3 allows remote attackers to obtain user names, passwords Moderate
CVE-2012-5890 was published for sjbr/sr-feuser-register (Composer) May 17, 2022
TYPO3 allows remote attackers to obtain the database name via a direct request Moderate
CVE-2012-1607 was published for typo3/cms (Composer) May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database