GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
46 advisories
Filter by severity
Eclipse Jetty Server generates error message containing sensitive information
Moderate
CVE-2018-12536
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Oct 19, 2018
Sensitive Data Exposure in parse-server
Moderate
CVE-2019-1020013
was published
for
parse-server
(npm)
Jul 11, 2019
Exceptions displayed in non-debug configurations in Symfony
Moderate
CVE-2020-5274
was published
for
symfony/error-handler
(Composer)
Mar 30, 2020
Reset Password / Login vulnerability in Sulu
Moderate
CVE-2020-15132
was published
for
sulu/sulu
(Composer)
Aug 5, 2020
Exposure of class information in RESTEasy
Moderate
CVE-2021-20289
was published
for
org.jboss.resteasy:resteasy-core
(Maven)
Apr 7, 2021
Information leakage in Error Handler
Moderate
GHSA-9vxv-wpv4-f52p
was published
for
shopware/shopware
(Composer)
May 21, 2021
Generation of Error Message Containing Sensitive Information in RESTEasy client
Moderate
CVE-2020-25633
was published
for
org.jboss.resteasy:resteasy-client
(Maven)
Jun 3, 2021
Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2021-32712
was published
for
shopware/shopware
(Composer)
Sep 8, 2021
showdoc is vulnerable to Generation of Error Message Containing Sensitive Information
Moderate
CVE-2022-0079
was published
for
showdoc/showdoc
(Composer)
Jan 6, 2022
User enumeration in livehelperchat
Moderate
CVE-2022-0083
was published
for
remdex/livehelperchat
(Composer)
Jan 21, 2022
Generation of Error Message Containing Sensitive Information in microweber
Moderate
CVE-2022-0504
was published
for
microweber/microweber
(Composer)
Feb 9, 2022
Wildfly logs plaintext passwords
Moderate
CVE-2020-25640
was published
for
org.wildfly:wildfly-parent
(Maven)
Feb 15, 2022
Generation of Error Message Containing Sensitive Information in Snipe-IT
Moderate
CVE-2022-0622
was published
for
snipe/snipe-it
(Composer)
Feb 18, 2022
Ansible discloses sensitive information in traceback error message
Moderate
CVE-2021-3620
was published
for
ansible
(pip)
Mar 4, 2022
Path traversal allows leaking out-of-bound files from Argo CD repo-server
Moderate
CVE-2022-24731
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 24, 2022
Path Disclosure within joomla/filesystem class
Moderate
CVE-2022-23794
was published
for
joomla/filesystem
(Composer)
Mar 31, 2022
katello SQL Injection vulnerability
Moderate
CVE-2018-14623
was published
for
katello
(RubyGems)
May 13, 2022
Weblate user account enumeration via reset password form
Moderate
CVE-2017-5537
was published
for
weblate
(pip)
May 17, 2022
Diavante vue-storefront-api and storefront-api disclose stack trace
Moderate
CVE-2020-11883
was published
for
storefront-api
(npm)
May 24, 2022
Generation of Error Message Containing Sensitive Information in Elasticsearch
Moderate
CVE-2021-22145
was published
for
org.elasticsearch.client:elasticsearch-rest-client
(Maven)
May 24, 2022
Dev error stack trace leaking into prod in Play Framework
Moderate
CVE-2022-31023
was published
for
com.typesafe.play:play_2.12
(Maven)
Jun 3, 2022
Insertion of Sensitive Information into Log File in typo3/cms-core
Moderate
CVE-2022-31047
was published
for
typo3/cms
(Composer)
Jun 17, 2022
Possible leak of key's raw field if declared length is incorrect
Moderate
CVE-2022-31124
was published
for
openssh-key-parser
(pip)
Jul 6, 2022
JSPUI's "Internal System Error" page prints exceptions and stack traces without sanitization
Moderate
CVE-2022-31189
was published
for
org.dspace:dspace-jspui
(Maven)
Aug 6, 2022
Kirby CMS vulnerable to user enumeration in the brute force protection
Moderate
CVE-2022-39315
was published
for
getkirby/cms
(Composer)
Oct 18, 2022
ProTip!
Advisories are also available from the
GraphQL API