Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,796
Erlang
29
GitHub Actions
16
Go
1,713
Maven
4,948
npm
3,477
NuGet
605
pip
3,006
Pub
10
RubyGems
829
Rust
774
Swift
34
Unreviewed advisories
All unreviewed
5,000+

30 advisories

Remote Memory Exposure in floody Moderate
GHSA-3p92-886g-qxpq was published for floody (npm) Jun 4, 2019
Remote Memory Disclosure in bittorrent-dht Moderate
CVE-2016-10519 was published for bittorrent-dht (npm) Sep 1, 2020
mysql Node.JS Module Vulnerable to Remote Memory Exposure Moderate
GHSA-5f7m-mmpc-qhh4 was published for mysql (npm) May 23, 2019
A CSRF token visible in the URL may possibly lead to information disclosure vulnerability. Moderate Unreviewed
CVE-2022-27671 was published Apr 13, 2022
A vulnerability in the authentication for the general purpose APIs implementation of Cisco... Moderate Unreviewed
CVE-2021-1129 was published May 24, 2022
A vulnerability in the CLI parser of Cisco IOS XR Software could allow an authenticated, local... Moderate Unreviewed
CVE-2021-1128 was published May 24, 2022
A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling... Moderate Unreviewed
CVE-2020-27748 was published May 24, 2022
A vulnerability was found in 3scale before version 2.6, did not set the HTTPOnly attribute on the... Moderate Unreviewed
CVE-2019-14849 was published May 24, 2022
Sentry SDK leaks sensitive session information when `sendDefaultPII` is set to `True` High
CVE-2023-28117 was published for sentry-sdk (pip) Mar 21, 2023
Potential sensitive information disclosed in error reports Low
CVE-2021-21416 was published for django-registration (pip) Apr 6, 2021
martinmo tdunlap607
Answer vulnerable to Insertion of Sensitive Information Into Sent Data Moderate
CVE-2023-1975 was published for github.com/answerdev/answer (Go) Apr 11, 2023
A vulnerability was found in the Linux kernel, where accessing a deallocated instance in... Moderate Unreviewed
CVE-2020-27784 was published Sep 2, 2022
Support bundle generated files could contain sensitive information that might be unwanted to be... Moderate Unreviewed
CVE-2020-1770 was published May 24, 2022
keycloak-core discloses system properties Moderate
CVE-2017-2582 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018
When user downloads PGP or S/MIME keys/certificates, exported file has same name for private and... Moderate Unreviewed
CVE-2020-1774 was published May 24, 2022
Remote Memory Exposure in request Moderate
CVE-2017-16026 was published for request (npm) Nov 9, 2018
tdunlap607
Remote Memory Disclosure in ws Low
CVE-2016-10518 was published for ws (npm) Feb 18, 2019
tdunlap607
Vaadin vulnerable to possible information disclosure in non visible components. Moderate
CVE-2023-25499 was published for com.vaadin:flow-server (Maven) Jun 22, 2023
Cookies are sent to external images in rendered diff (and server side request forgery) Critical
CVE-2023-48240 was published for org.xwiki.platform:xwiki-platform-diff-xml (Maven) Nov 20, 2023
Remote Memory Exposure in mongoose Moderate
GHSA-r5xw-q988-826m was published for mongoose (npm) Sep 1, 2020
mprpic
An information disclosure vulnerability exists in the challenge functionality of instipod... Moderate Unreviewed
CVE-2023-49594 was published Dec 23, 2023
Information disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2,... Moderate Unreviewed
CVE-2024-25150 was published Feb 20, 2024
The Account Settings page in Liferay Portal 7.4.3.76 through 7.4.3.99, and Liferay DXP 2023.Q3... Moderate Unreviewed
CVE-2024-26270 was published Feb 20, 2024
In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the "password"... Moderate Unreviewed
CVE-2024-28173 was published Mar 6, 2024
An information exposure vulnerability exists in gitlab.com <v12.3.2, <v12.2.6, and <v12.1.10 when... Moderate Unreviewed
CVE-2019-15580 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API