GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
25 advisories
Filter by severity
An attacker can gain knowledge of a session temporary working folder where the getfile and...
High
Unreviewed
CVE-2021-32937
was published
Apr 3, 2022
In APache APISIX before 3.13.1, an attacker can obtain a plugin-configured secret via an error...
High
Unreviewed
CVE-2022-29266
was published
Apr 21, 2022
IBM i2 iBase 8.9.13 could allow a remote attacker to obtain sensitive information when a detailed...
High
Unreviewed
CVE-2020-4584
was published
May 24, 2022
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could allow a remote attacker to obtain...
High
Unreviewed
CVE-2021-20393
was published
May 24, 2022
IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information...
High
Unreviewed
CVE-2021-29688
was published
May 24, 2022
In SapphireIMS 4097_1, it is possible to guess the registered/active usernames of the software...
High
Unreviewed
CVE-2017-16629
was published
May 24, 2022
In Apache Ofbiz, versions v17.12.01 to v17.12.07 implement a try catch exception to handle errors...
High
Unreviewed
CVE-2021-25958
was published
May 24, 2022
IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 could allow a remote attacker to obtain...
High
Unreviewed
CVE-2021-39023
was published
May 7, 2022
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before...
High
Unreviewed
CVE-2019-9223
was published
May 13, 2022
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism...
High
Unreviewed
CVE-2018-17961
was published
May 13, 2022
Apache Ambari, version 2.5.0 to 2.6.2, passwords for Hadoop credential stores are exposed in...
High
Unreviewed
CVE-2018-8042
was published
May 13, 2022
Dell Wyse Management Suite 3.6.1 and below contains Information Disclosure in Devices error pages...
High
Unreviewed
CVE-2022-33930
was published
Aug 11, 2022
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive...
High
Unreviewed
CVE-2022-35715
was published
Aug 11, 2022
A Generation of Error Message Containing Sensitive Information vulnerability in the CLI of...
High
Unreviewed
CVE-2022-22162
was published
Jan 20, 2022
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console could allow a remote...
High
Unreviewed
CVE-2019-4269
was published
May 24, 2022
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.7...
High
Unreviewed
CVE-2020-5026
was published
Mar 2, 2023
A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517,...
High
Unreviewed
CVE-2021-26726
was published
Feb 17, 2022
Credential disclosure in the '/webs/userpasswd.htm' endpoint in Juplink RX4-1500 Wifi router...
High
Unreviewed
CVE-2023-41027
was published
Sep 22, 2023
MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can...
High
Unreviewed
CVE-2023-37306
was published
Jun 30, 2023
Server information leak of configuration data when an error is generated in response to a...
High
Unreviewed
CVE-2023-25948
was published
Jul 13, 2023
IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote attacker to obtain...
High
Unreviewed
CVE-2023-33835
was published
Aug 31, 2023
.NET Framework Information Disclosure Vulnerability
High
Unreviewed
CVE-2024-29059
was published
Mar 23, 2024
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
High
Unreviewed
CVE-2024-28939
was published
Apr 9, 2024
An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api...
High
Unreviewed
CVE-2024-39719
was published
Oct 31, 2024
This vulnerability exists in the Wave 2.0 due to improper exception handling for invalid inputs...
High
Unreviewed
CVE-2024-51560
was published
Nov 4, 2024
ProTip!
Advisories are also available from the
GraphQL API