GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
21 advisories
Improper Removal of Sensitive Information Before Storage or Transfer in Apache Jackrabbit Oak
High, CVE-2020-1940 was published for org.apache.jackrabbit:oak-core (Maven), Dec 10, 2021

Exposure of information in Action Pack
High, CVE-2022-23633 was published for actionpack (RubyGems), Feb 11, 2022

Improper Removal of Sensitive Information Before Storage or Transfer in irrd
High, CVE-2022-24798 was published for irrd (pip), Apr 1, 2022

Improper Removal of Sensitive Information Before Storage or Transfer in Strapi
High, CVE-2022-30617 was published for @strapi/strapi (npm), May 20, 2022

Improper Removal of Sensitive Information Before Storage or Transfer in Strapi
High, CVE-2022-30618 was published for @strapi/strapi (npm), May 20, 2022

In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy...
High, Unreviewed, CVE-2019-11243 was published May 24, 2022

In parseNextBox of IsoInterface.java, there is a possible leak of unredacted location information...
High, Unreviewed, CVE-2021-0340 was published May 24, 2022

In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to...
High, Unreviewed, CVE-2021-31780 was published May 24, 2022

An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP...
High, Unreviewed, CVE-2020-14301 was published May 24, 2022

An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS)....
High, Unreviewed, CVE-2020-36476 was published May 24, 2022

Fix failure to strip Authorization header on HTTP downgrade
High, CVE-2022-31043 was published for guzzlehttp/guzzle (Composer), Jun 9, 2022

Failure to strip the Cookie header on change in host or HTTP downgrade
High, CVE-2022-31042 was published for guzzlehttp/guzzle (Composer), Jun 9, 2022

Vulnerability of residual files not being deleted after an update in the ChinaDRM module....
High, Unreviewed, CVE-2021-46813 was published Jun 14, 2022

CURLOPT_HTTPAUTH option not cleared on change of origin
High, CVE-2022-31090 was published for guzzlehttp/guzzle (Composer), Jun 21, 2022

Protected fields exposed via LiveQuery
High, CVE-2022-31112 was published for parse-server (npm), Jul 6, 2022

Slack Morphism for Rust before 0.41.0 can leak Slack OAuth client information in application debug logs
High, CVE-2022-31162 was published for slack-morphism (Rust), Jul 20, 2022

Cockpit Content Platform vulnerable to 2FA bypass
High, CVE-2022-2818 was published for cockpit-hq/cockpit (Composer), Aug 16, 2022

Wasmtime may have data leakage between instances in the pooling allocator
High, CVE-2022-39393 was published for wasmtime (Rust), Nov 10, 2022

Information management vulnerability in the Gallery module. Successful exploitation of this...
High, Unreviewed, CVE-2023-52376 was published Feb 18, 2024

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiq_etop:...
High, Unreviewed, CVE-2024-49997 was published Oct 21, 2024