Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

46 advisories

Loading
Sensitive Data Exposure in parse-server Moderate
CVE-2019-1020013 was published for parse-server (npm) Jul 11, 2019
fastrde acinader
Reset Password / Login vulnerability in Sulu Moderate
CVE-2020-15132 was published for sulu/sulu (Composer) Aug 5, 2020
Synacktiv-contrib TomKeur
Prokyonn
Information leakage in Error Handler Moderate
GHSA-9vxv-wpv4-f52p was published for shopware/shopware (Composer) May 21, 2021
Generation of Error Message Containing Sensitive Information in RESTEasy client Moderate
CVE-2020-25633 was published for org.jboss.resteasy:resteasy-client (Maven) Jun 3, 2021
J4nsen
Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2021-32712 was published for shopware/shopware (Composer) Sep 8, 2021
Generation of Error Message Containing Sensitive Information in Elasticsearch Moderate
CVE-2021-22145 was published for org.elasticsearch.client:elasticsearch-rest-client (Maven) May 24, 2022
Dev error stack trace leaking into prod in Play Framework Moderate
CVE-2022-31023 was published for com.typesafe.play:play_2.12 (Maven) Jun 3, 2022
BillyAutrey gmethvin
dontgitit
JSPUI's "Internal System Error" page prints exceptions and stack traces without sanitization Moderate
CVE-2022-31189 was published for org.dspace:dspace-jspui (Maven) Aug 6, 2022
Exposure of class information in RESTEasy Moderate
CVE-2021-20289 was published for org.jboss.resteasy:resteasy-core (Maven) Apr 7, 2021
User enumeration in livehelperchat Moderate
CVE-2022-0083 was published for remdex/livehelperchat (Composer) Jan 21, 2022
showdoc is vulnerable to Generation of Error Message Containing Sensitive Information Moderate
CVE-2022-0079 was published for showdoc/showdoc (Composer) Jan 6, 2022
Generation of Error Message Containing Sensitive Information in microweber Moderate
CVE-2022-0504 was published for microweber/microweber (Composer) Feb 9, 2022
Generation of Error Message Containing Sensitive Information in Snipe-IT Moderate
CVE-2022-0622 was published for snipe/snipe-it (Composer) Feb 18, 2022
katello SQL Injection vulnerability Moderate
CVE-2018-14623 was published for katello (RubyGems) May 13, 2022
Wildfly logs plaintext passwords Moderate
CVE-2020-25640 was published for org.wildfly:wildfly-parent (Maven) Feb 15, 2022
Kirby CMS vulnerable to user enumeration in the brute force protection Moderate
CVE-2022-39315 was published for getkirby/cms (Composer) Oct 18, 2022
Insertion of Sensitive Information into Log File in typo3/cms-core Moderate
CVE-2022-31047 was published for typo3/cms (Composer) Jun 17, 2022
mhuber84 derhansen
Weblate user account enumeration via reset password form Moderate
CVE-2017-5537 was published for weblate (pip) May 17, 2022
Eclipse Jetty Server generates error message containing sensitive information Moderate
CVE-2018-12536 was published for org.eclipse.jetty:jetty-server (Maven) Oct 19, 2018
joshbressers
Diavante vue-storefront-api and storefront-api disclose stack trace Moderate
CVE-2020-11883 was published for storefront-api (npm) May 24, 2022
ghinstallation returns app JWT in error responses Moderate
CVE-2022-39304 was published for github.com/bradleyfalzon/ghinstallation (Go) Dec 19, 2022
Miskerest
User account enumeration in Serenity Moderate
CVE-2023-31286 was published for Serenity.Net.Core (NuGet) Apr 27, 2023
Jenkins Folders Plugin information disclosure vulnerability Moderate
CVE-2023-40338 was published for org.jenkins-ci.plugins:cloudbees-folder (Maven) Aug 16, 2023
Apache Superset may expose internal traces on REST API endpoints Moderate
CVE-2023-39264 was published for apache-superset (pip) Sep 6, 2023
ProTip! Advisories are also available from the GraphQL API