GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
72 advisories
Filter by severity
Saleor has Staff-Authenticated Error Message Information Disclosure Vulnerability via Python Exceptions
Moderate
CVE-2023-26051
was published
for
Saleor
(pip)
Mar 3, 2023
Saleor Unauthenticated Information Disclosure Vulnerability via Python Exceptions
Low
CVE-2023-26052
was published
for
saleor
(pip)
Mar 2, 2023
Apache Airflow AWS Provider Generates Error Message Containing Sensitive Information
High
CVE-2023-25956
was published
for
apache-airflow-providers-amazon
(pip)
Feb 24, 2023
PgHero Allows Information Disclosure Through EXPLAIN Feature
High
CVE-2023-22626
was published
for
pghero
(RubyGems)
Jan 5, 2023
FrameworkUserBundle Generates Error Message Containing Sensitive Information
High
CVE-2015-10012
was published
for
sumocoders/framework-user-bundle
(Composer)
Jan 3, 2023
ghinstallation returns app JWT in error responses
Moderate
CVE-2022-39304
was published
for
github.com/bradleyfalzon/ghinstallation
(Go)
Dec 19, 2022
Kirby CMS vulnerable to user enumeration in the brute force protection
Moderate
CVE-2022-39315
was published
for
getkirby/cms
(Composer)
Oct 18, 2022
Incorrect implementation of lockout feature in Keycloak
High
CVE-2021-3513
was published
for
org.keycloak:keycloak-parent
(Maven)
Aug 23, 2022
JSPUI's "Internal System Error" page prints exceptions and stack traces without sanitization
Moderate
CVE-2022-31189
was published
for
org.dspace:dspace-jspui
(Maven)
Aug 6, 2022
Valinor error messages leading to potential data exfiltration before v0.12.0
High
CVE-2022-31140
was published
for
cuyz/valinor
(Composer)
Jul 12, 2022
Possible leak of key's raw field if declared length is incorrect
High
CVE-2022-31124
was published
for
openssh-key-parser
(pip)
Jul 6, 2022
Weave GitOps leaked cluster credentials into logs on connection errors
Critical
CVE-2022-31098
was published
for
github.com/weaveworks/weave-gitops
(Go)
Jun 23, 2022
Insertion of Sensitive Information into Log File in typo3/cms-core
Moderate
CVE-2022-31047
was published
for
typo3/cms
(Composer)
Jun 17, 2022
NocoDB information disclosure vulnerability
High
CVE-2022-2062
was published
for
nocodb
(npm)
Jun 14, 2022
Dev error stack trace leaking into prod in Play Framework
Moderate
CVE-2022-31023
was published
for
com.typesafe.play:play_2.12
(Maven)
Jun 3, 2022
Generation of Error Message Containing Sensitive Information in Elasticsearch
Moderate
CVE-2021-22145
was published
for
org.elasticsearch.client:elasticsearch-rest-client
(Maven)
May 24, 2022
Shopware database password is leaked to an unauthenticated users
High
CVE-2020-13997
was published
for
shopware/core
(Composer)
May 24, 2022
Diavante vue-storefront-api and storefront-api disclose stack trace
Moderate
CVE-2020-11883
was published
for
storefront-api
(npm)
May 24, 2022
OpenStack Nova Server Resource Faults Leak External Exception Details
Moderate
CVE-2019-14433
was published
for
nova
(pip)
May 24, 2022
Weblate user account enumeration via reset password form
Moderate
CVE-2017-5537
was published
for
weblate
(pip)
May 17, 2022
katello SQL Injection vulnerability
Moderate
CVE-2018-14623
was published
for
katello
(RubyGems)
May 13, 2022
Path Disclosure within joomla/filesystem class
Moderate
CVE-2022-23794
was published
for
joomla/filesystem
(Composer)
Mar 31, 2022
Path traversal allows leaking out-of-bound files from Argo CD repo-server
Moderate
CVE-2022-24731
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 24, 2022
Ansible discloses sensitive information in traceback error message
Moderate
CVE-2021-3620
was published
for
ansible
(pip)
Mar 4, 2022
Generation of Error Message Containing Sensitive Information in microweber
High
CVE-2022-0660
was published
for
microweber/microweber
(Composer)
Feb 19, 2022
ProTip!
Advisories are also available from the
GraphQL API