GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,939
Maven
5,000+
npm
3,677
NuGet
643
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
294 advisories
Filter by severity
Exposure of Sensitive Information in OPC UA .NET Standard Reference Server
Moderate
CVE-2023-31048
was published
for
OPCFoundation.NetStandard.Opc.Ua.Core
(NuGet)
May 5, 2023
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose sensitive information in an error...
Moderate
Unreviewed
CVE-2023-27860
was published
Apr 27, 2023
User account enumeration in Serenity
Moderate
CVE-2023-31286
was published
for
Serenity.Net.Core
(NuGet)
Apr 27, 2023
SpiceDB binding metrics port to untrusted networks and can leak command-line flags
High
CVE-2023-29193
was published
for
github.com/authzed/spicedb
(Go)
Apr 13, 2023
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2,...
Moderate
Unreviewed
CVE-2022-4770
was published
Apr 3, 2023
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2,...
Moderate
Unreviewed
CVE-2022-4769
was published
Apr 3, 2023
Sentry SDK leaks sensitive session information when `sendDefaultPII` is set to `True`
High
CVE-2023-28117
was published
for
sentry-sdk
(pip)
Mar 21, 2023
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an...
Moderate
Unreviewed
CVE-2023-25687
was published
Mar 21, 2023
Sensitive Information in Error Messages in Apache Airflow
Moderate
CVE-2023-25695
was published
for
apache-airflow
(pip)
Mar 15, 2023
Saleor has Staff-Authenticated Error Message Information Disclosure Vulnerability via Python Exceptions
Moderate
CVE-2023-26051
was published
for
Saleor
(pip)
Mar 3, 2023
Saleor Unauthenticated Information Disclosure Vulnerability via Python Exceptions
Low
CVE-2023-26052
was published
for
saleor
(pip)
Mar 2, 2023
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.7...
High
Unreviewed
CVE-2020-5026
was published
Mar 2, 2023
Apache Airflow AWS Provider Generates Error Message Containing Sensitive Information
High
CVE-2023-25956
was published
for
apache-airflow-providers-amazon
(pip)
Feb 24, 2023
SonicWall Email Security contains a vulnerability that could permit a remote unauthenticated...
Moderate
Unreviewed
CVE-2023-0655
was published
Feb 14, 2023
Wyse Management Suite Repository 3.8 and below contain an information disclosure vulnerability. A...
Moderate
Unreviewed
CVE-2022-46675
was published
Feb 11, 2023
Alotcer - AR7088H-A firmware version 16.10.3 Information disclosure. Unspecified error message...
Moderate
Unreviewed
CVE-2022-46371
was published
Jan 12, 2023
PgHero Allows Information Disclosure Through EXPLAIN Feature
High
CVE-2023-22626
was published
for
pghero
(RubyGems)
Jan 5, 2023
FrameworkUserBundle Generates Error Message Containing Sensitive Information
High
CVE-2015-10012
was published
for
sumocoders/framework-user-bundle
(Composer)
Jan 3, 2023
IBM Security Verify Governance, Identity Manager 10.01 could allow a remote attacker to obtain...
Moderate
Unreviewed
CVE-2022-22449
was published
Dec 24, 2022
When importing resources using Web Workers, error messages would distinguish the difference...
Moderate
Unreviewed
CVE-2022-22760
was published
Dec 22, 2022
ghinstallation returns app JWT in error responses
Moderate
CVE-2022-39304
was published
for
github.com/bradleyfalzon/ghinstallation
(Go)
Dec 19, 2022
Generation of Error Message Containing Sensitive Information vulnerability in Hitachi JP1...
Low
Unreviewed
CVE-2022-34881
was published
Dec 6, 2022
The application allowed for Unauthenticated User Enumeration by interacting with an unsecured...
Moderate
Unreviewed
CVE-2022-40292
was published
Nov 1, 2022
Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0, when Compilation Mode is used, allows an...
Critical
Unreviewed
CVE-2021-42777
was published
Oct 29, 2022
In affected versions of Octopus Server it is possible to reveal the existence of resources in a...
Moderate
Unreviewed
CVE-2022-2508
was published
Oct 27, 2022
ProTip!
Advisories are also available from the
GraphQL API