GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
37 advisories
Filter by severity
An attacker with access to the network where the CIRCUTOR Q-SMT is located in its firmware...
High
Unreviewed
CVE-2024-8890
was published
Sep 18, 2024
A “CWE-201: Insertion of Sensitive Information Into Sent Data” affecting the administrative...
Moderate
Unreviewed
CVE-2024-31200
was published
Jul 31, 2024
When the device is shared, the homepage module are before 2.19.0 in eWeLink Cloud Service allows...
Critical
Unreviewed
CVE-2024-7205
was published
Jul 31, 2024
Undici vulnerable to data leak when using response.arrayBuffer()
Low
CVE-2024-38372
was published
for
undici
(npm)
Jul 9, 2024
Pomerium exposed OAuth2 access and ID tokens in user info endpoint response
Moderate
CVE-2024-39315
was published
for
github.com/pomerium/pomerium
(Go)
Jul 5, 2024
SiteGuard WP Plugin provides a functionality to customize the path to the login page wp-login.php...
Moderate
Unreviewed
CVE-2024-37881
was published
Jun 19, 2024
Eclipse Dataspace Components vulnerable to OAuth2 client secret disclosure
Moderate
CVE-2024-4536
was published
for
org.eclipse.edc:connector-core
(Maven)
May 7, 2024
Sensitive query parameters logged by default in OpenTelemetry.Instrumentation http and AspNetCore
Moderate
CVE-2024-32028
was published
for
OpenTelemetry.Instrumentation.AspNetCore
(NuGet)
Apr 12, 2024
Audit records for OpenAPI requests may include sensitive information.
This could lead to...
High
Unreviewed
CVE-2023-6916
was published
Apr 10, 2024
In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the "password"...
Moderate
Unreviewed
CVE-2024-28173
was published
Mar 6, 2024
The Account Settings page in Liferay Portal 7.4.3.76 through 7.4.3.99, and Liferay DXP 2023.Q3...
Moderate
Unreviewed
CVE-2024-26270
was published
Feb 20, 2024
Information disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2,...
Moderate
Unreviewed
CVE-2024-25150
was published
Feb 20, 2024
An information disclosure vulnerability exists in the challenge functionality of instipod...
Moderate
Unreviewed
CVE-2023-49594
was published
Dec 23, 2023
Cookies are sent to external images in rendered diff (and server side request forgery)
Critical
CVE-2023-48240
was published
for
org.xwiki.platform:xwiki-platform-diff-xml
(Maven)
Nov 20, 2023
An information disclosure vulnerability exists in the CtEnumCa() functionality of SoftEther VPN 4...
Moderate
Unreviewed
CVE-2023-32275
was published
Oct 12, 2023
Vaadin vulnerable to possible information disclosure in non visible components.
Moderate
CVE-2023-25499
was published
for
com.vaadin:flow-server
(Maven)
Jun 22, 2023
Answer vulnerable to Insertion of Sensitive Information Into Sent Data
Moderate
CVE-2023-1975
was published
for
github.com/answerdev/answer
(Go)
Apr 11, 2023
Sentry SDK leaks sensitive session information when `sendDefaultPII` is set to `True`
High
CVE-2023-28117
was published
for
sentry-sdk
(pip)
Mar 21, 2023
A vulnerability was found in the Linux kernel, where accessing a deallocated instance in...
Moderate
Unreviewed
CVE-2020-27784
was published
Sep 2, 2022
libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided...
Moderate
Unreviewed
CVE-2022-27779
was published
Jun 3, 2022
A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling...
Moderate
Unreviewed
CVE-2020-27748
was published
May 24, 2022
A vulnerability in the CLI parser of Cisco IOS XR Software could allow an authenticated, local...
Moderate
Unreviewed
CVE-2021-1128
was published
May 24, 2022
A vulnerability in the authentication for the general purpose APIs implementation of Cisco...
Moderate
Unreviewed
CVE-2021-1129
was published
May 24, 2022
When user downloads PGP or S/MIME keys/certificates, exported file has same name for private and...
Moderate
Unreviewed
CVE-2020-1774
was published
May 24, 2022
Support bundle generated files could contain sensitive information that might be unwanted to be...
Moderate
Unreviewed
CVE-2020-1770
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API