Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,071
Erlang
29
GitHub Actions
19
Go
1,893
Maven
5,000+
npm
3,630
NuGet
638
pip
3,243
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

163 advisories

Loading
A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1... High Unreviewed
CVE-2018-3609 was published May 13, 2022
Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure... High Unreviewed
CVE-2018-3828 was published May 13, 2022
An issue was discovered in EMC ScaleIO 2.0.1.x. In a Linux environment, one of the support... High Unreviewed
CVE-2017-8001 was published May 13, 2022
Cloud Foundry Container Runtime (kubo-release), versions prior to 0.14.0, may leak UAA and... High Unreviewed
CVE-2018-1223 was published May 13, 2022
The Boa server configuration on DASAN H660RM devices with firmware 1.03-0022 logs POST data to... High Unreviewed
CVE-2019-9976 was published May 13, 2022
RSA Archer versions, prior to 6.5 SP2, contain an information exposure vulnerability. The... High Unreviewed
CVE-2019-3716 was published May 13, 2022
Under certain conditions SAP HANA Extended Application Services, version 1.0, advanced model (XS... High Unreviewed
CVE-2019-0266 was published May 13, 2022
Juniper ATP Series Splunk credentials are logged in a file readable by authenticated local users.... High Unreviewed
CVE-2019-0029 was published May 13, 2022
** DISPUTED ** An issue was discovered in SecurEnvoy SecurAccess 9.3.502. When put in Debug mode... High Unreviewed
CVE-2018-18466 was published May 13, 2022
Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to 1.5.4, 1.7.x prior to 1.7... High Unreviewed
CVE-2018-15797 was published May 13, 2022
A sensitive data disclosure flaw was found in the Elasticsearch repository-azure (formerly... High Unreviewed
CVE-2018-3827 was published May 13, 2022
A password management issue exists where the Organization authentication username and password... High Unreviewed
CVE-2019-0032 was published May 13, 2022
It was discovered that a world-readable log file belonging to Candlepin component of Red Hat... High Unreviewed
CVE-2019-3891 was published May 13, 2022
Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive... High Unreviewed
CVE-2018-7683 was published May 13, 2022
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI... High Unreviewed
CVE-2016-9882 was published May 13, 2022
Openstack Octavia allows Insertion of Sensitive Information into Log File High
CVE-2018-16856 was published for octavia (pip) May 13, 2022
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and... High Unreviewed
CVE-2019-3500 was published May 13, 2022
Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to read configuration... High Unreviewed
CVE-2016-0875 was published May 13, 2022
Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies of configuration and log... High Unreviewed
CVE-2016-0879 was published May 13, 2022
Moodle backs up private files High
CVE-2012-1156 was published for moodle/moodle (Composer) Apr 23, 2022
An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker can... High Unreviewed
CVE-2021-45103 was published Apr 7, 2022
Sensitive Auth & Cookie data stored in Jupyter server logs High
CVE-2022-24758 was published for notebook (pip) Apr 5, 2022
3coins
TPCMS v3.2 allows attackers to access the ThinkPHP log directory and obtain sensitive information... High Unreviewed
CVE-2022-27442 was published Apr 5, 2022
Insertion of Sensitive Information into Log File in Jupyter notebook High
CVE-2022-24757 was published for jupyter-server (pip) Mar 25, 2022
3coins
A flaw was found in KeePass. The vulnerability occurs due to logging the plain text passwords in... High Unreviewed
CVE-2022-0725 was published Mar 11, 2022
ProTip! Advisories are also available from the GraphQL API