GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
26 advisories
Windows Kernel-Mode Driver Information Disclosure Vulnerability
Moderate, Unreviewed. CVE-2024-43554 was published Oct 8, 2024

A low privileged remote attacker can get access to CSRF tokens of higher privileged users which...
Moderate, Unreviewed. CVE-2024-7698 was published Sep 10, 2024

Apache StreamPark: Information leakage vulnerability
Moderate. CVE-2024-29120 was published for org.apache.streampark:streampark (Maven) Jul 17, 2024

Improper removal of sensitive information in data source export feature in Devolutions Remote...
Moderate, Unreviewed. CVE-2024-6055 was published Jun 17, 2024

An improper removal of sensitive information before storage or transfer vulnerability [CWE-212]...
Moderate, Unreviewed. CVE-2024-31493 was published Jun 3, 2024

Information disclosure in podman
Moderate. CVE-2020-14370 was published for github.com/containers/podman/v2 (Go) Apr 24, 2024

Sensitive query parameters logged by default in OpenTelemetry.Instrumentation http and AspNetCore
Moderate. CVE-2024-32028 was published for OpenTelemetry.Instrumentation.AspNetCore (NuGet) Apr 12, 2024

A known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB,...
Moderate, Unreviewed. CVE-2023-3006 was published May 31, 2023

A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks...
Moderate, Unreviewed. CVE-2023-1637 was published Mar 28, 2023

usememos/memos may leak user information to an authenticated user
Moderate. CVE-2022-4734 was published for github.com/usememos/memos (Go) Dec 27, 2022

A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a...
Moderate, Unreviewed. CVE-2022-0171 was published Aug 27, 2022

AMD microprocessor families 15h to 18h are affected by a new Spectre variant that is able to...
Moderate, Unreviewed. CVE-2022-29900 was published Jul 13, 2022

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository polonel/trudesk...
Moderate, Unreviewed. CVE-2022-1893 was published Jun 1, 2022

Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000...
Moderate, Unreviewed. CVE-2021-3031 was published May 24, 2022

Some websites have a feature "Show Password" where clicking a button will change a password field...
Moderate, Unreviewed. CVE-2020-26965 was published May 24, 2022

Improper removal of sensitive information before storage or transfer in some Intel(R) Processors...
Moderate, Unreviewed. CVE-2020-8696 was published May 24, 2022

An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3...
Moderate, Unreviewed. CVE-2019-20637 was published May 24, 2022

An issue was discovered in the Chat functionality of the TeamViewer desktop application 14.3.4730...
Moderate, Unreviewed. CVE-2019-19362 was published May 24, 2022

A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable...
Moderate, Unreviewed. CVE-2018-1062 was published May 13, 2022

Exposure of sensitive system information due to uncleared debug information in firmware for some...
Moderate, Unreviewed. CVE-2021-33080 was published May 13, 2022

Sensitive information in resource not removed before reuse in firmware for some Intel(R) SSD and...
Moderate, Unreviewed. CVE-2021-33082 was published May 13, 2022

The Network Address Translation (NAT) capability for Netfilter ("iptables") 1.2.6a and earlier...
Moderate, Unreviewed. CVE-2002-0704 was published Apr 30, 2022

Jenkins Support Core Plugin stores sensitive data in plain text
Moderate. CVE-2022-25187 was published for org.jenkins-ci.plugins:support-core (Maven) Feb 16, 2022

Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects
Moderate. CVE-2022-0536 was published for follow-redirects (npm) Feb 10, 2022

Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault
Moderate. CVE-2021-38554 was published for github.com/hashicorp/vault (Go) Aug 30, 2021