GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
304 advisories
Filter by severity
Internal exception message exposure for login action in Sylius
Low
CVE-2019-16768
was published
for
sylius/sylius
(Composer)
Dec 5, 2019
Sensitive Data Exposure in parse-server
Moderate
CVE-2019-1020013
was published
for
parse-server
(npm)
Jul 11, 2019
Critical severity vulnerability that affects Auth0-WCF-Service-JWT
Critical
CVE-2019-7644
was published
for
Auth0-WCF-Service-JWT
(NuGet)
Apr 18, 2019
Authorization header is not sanitized in an error object in auth0
High
CVE-2020-15125
was published
for
auth0
(npm)
Jul 29, 2020
Reset Password / Login vulnerability in Sulu
Moderate
CVE-2020-15132
was published
for
sulu/sulu
(Composer)
Aug 5, 2020
Information Exposure in type-graphql
Low
GHSA-xf64-2f9p-6pqq
was published
for
type-graphql
(npm)
Sep 4, 2020
Information leakage in Error Handler
Moderate
GHSA-9vxv-wpv4-f52p
was published
for
shopware/shopware
(Composer)
May 21, 2021
Generation of Error Message Containing Sensitive Information in RESTEasy client
Moderate
CVE-2020-25633
was published
for
org.jboss.resteasy:resteasy-client
(Maven)
Jun 3, 2021
Sensitive information could be displayed when a detailed technical error message is posted. This...
Moderate
Unreviewed
CVE-2021-35251
was published
Mar 11, 2022
Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2021-32712
was published
for
shopware/shopware
(Composer)
Sep 8, 2021
An attacker can gain knowledge of a session temporary working folder where the getfile and...
High
Unreviewed
CVE-2021-32937
was published
Apr 3, 2022
Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14...
Moderate
Unreviewed
CVE-2022-1120
was published
Apr 5, 2022
In APache APISIX before 3.13.1, an attacker can obtain a plugin-configured secret via an error...
High
Unreviewed
CVE-2022-29266
was published
Apr 21, 2022
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0...
Moderate
Unreviewed
CVE-2021-39033
was published
Apr 20, 2022
IBM i2 iBase 8.9.13 could allow a remote attacker to obtain sensitive information when a detailed...
High
Unreviewed
CVE-2020-4584
was published
May 24, 2022
White Shark System (WSS) 1.3.2 has web site physical path leakage vulnerability.
Moderate
Unreviewed
CVE-2020-20470
was published
May 24, 2022
Generation of Error Message Containing Sensitive Information in Elasticsearch
Moderate
CVE-2021-22145
was published
for
org.elasticsearch.client:elasticsearch-rest-client
(Maven)
May 24, 2022
An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 and 6.0 allows remote...
Moderate
Unreviewed
CVE-2020-23995
was published
May 24, 2022
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is...
Moderate
Unreviewed
CVE-2022-26973
was published
Jun 3, 2022
Dev error stack trace leaking into prod in Play Framework
Moderate
CVE-2022-31023
was published
for
com.typesafe.play:play_2.12
(Maven)
Jun 3, 2022
PgHero Allows Information Disclosure Through EXPLAIN Feature
High
CVE-2023-22626
was published
for
pghero
(RubyGems)
Jan 5, 2023
Weave GitOps leaked cluster credentials into logs on connection errors
Critical
CVE-2022-31098
was published
for
github.com/weaveworks/weave-gitops
(Go)
Jun 23, 2022
Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information...
Moderate
Unreviewed
CVE-2022-31229
was published
Jun 29, 2022
Valinor error messages leading to potential data exfiltration before v0.12.0
High
CVE-2022-31140
was published
for
cuyz/valinor
(Composer)
Jul 12, 2022
ProTip!
Advisories are also available from the
GraphQL API