Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,324
Erlang
31
GitHub Actions
21
Go
2,087
Maven
5,000+
npm
3,751
NuGet
674
pip
3,437
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+

323 advisories

Loading
Generation of Error Message Containing Sensitive Information vulnerability in Hitachi JP1... Low Unreviewed
CVE-2022-34881 was published Dec 6, 2022
The application allowed for Unauthenticated User Enumeration by interacting with an unsecured... Moderate Unreviewed
CVE-2022-40292 was published Nov 1, 2022
Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0, when Compilation Mode is used, allows an... Critical Unreviewed
CVE-2021-42777 was published Oct 29, 2022
In affected versions of Octopus Server it is possible to reveal the existence of resources in a... Moderate Unreviewed
CVE-2022-2508 was published Oct 27, 2022
Sensitive information could be displayed when a detailed technical error message is posted. This... Moderate Unreviewed
CVE-2022-38107 was published Oct 20, 2022
Kirby CMS vulnerable to user enumeration in the brute force protection Moderate
CVE-2022-39315 was published for getkirby/cms (Composer) Oct 18, 2022
In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the... Moderate Unreviewed
CVE-2022-2760 was published Sep 29, 2022
Information Exposure Through an Error Message vulnerability in Hitachi RAID Manager Storage... Moderate Unreviewed
CVE-2022-34882 was published Sep 7, 2022
Incorrect implementation of lockout feature in Keycloak High
CVE-2021-3513 was published for org.keycloak:keycloak-parent (Maven) Aug 23, 2022
IBM Sterling File Gateway 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6... Moderate Unreviewed
CVE-2021-39086 was published Aug 17, 2022
Dell Wyse Management Suite 3.6.1 and below contains Information Disclosure in Devices error pages... High Unreviewed
CVE-2022-33930 was published Aug 11, 2022
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive... High Unreviewed
CVE-2022-35715 was published Aug 11, 2022
JSPUI's "Internal System Error" page prints exceptions and stack traces without sanitization Moderate
CVE-2022-31189 was published for org.dspace:dspace-jspui (Maven) Aug 6, 2022
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could... Moderate Unreviewed
CVE-2021-39018 was published Jul 15, 2022
Valinor error messages leading to potential data exfiltration before v0.12.0 High
CVE-2022-31140 was published for cuyz/valinor (Composer) Jul 12, 2022
Possible leak of key's raw field if declared length is incorrect Moderate
CVE-2022-31124 was published for openssh-key-parser (pip) Jul 6, 2022
mike-arnica
Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information... Moderate Unreviewed
CVE-2022-31229 was published Jun 29, 2022
Weave GitOps leaked cluster credentials into logs on connection errors Critical
CVE-2022-31098 was published for github.com/weaveworks/weave-gitops (Go) Jun 23, 2022
stefanprodan
Insertion of Sensitive Information into Log File in typo3/cms-core Moderate
CVE-2022-31047 was published for typo3/cms (Composer) Jun 17, 2022
mhuber84 derhansen
NocoDB information disclosure vulnerability High
CVE-2022-2062 was published for nocodb (npm) Jun 14, 2022
Dev error stack trace leaking into prod in Play Framework Moderate
CVE-2022-31023 was published for com.typesafe.play:play_2.12 (Maven) Jun 3, 2022
BillyAutrey gmethvin
dontgitit
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is... Moderate Unreviewed
CVE-2022-26973 was published Jun 3, 2022
Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure... Moderate Unreviewed
CVE-2020-27015 was published May 24, 2022
IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 reveals sensitive information from a stack trace... Moderate Unreviewed
CVE-2019-4377 was published May 24, 2022
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain... Moderate Unreviewed
CVE-2021-38981 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database