Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

213 advisories

Loading
HCL BigFix Compliance is vulnerable to the generation of error messages containing sensitive... Moderate Unreviewed
CVE-2024-30141 was published Nov 7, 2024
Generation of Error Message Containing Sensitive Information vulnerability in Posti Posti... Moderate Unreviewed
CVE-2024-50512 was published Oct 30, 2024
SolarWinds Kiwi CatTools is susceptible to a sensitive data disclosure vulnerability when a non... Moderate Unreviewed
CVE-2024-45713 was published Oct 17, 2024
A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows... Moderate Unreviewed
CVE-2024-44762 was published Oct 16, 2024
Jenkins exposes multi-line secrets through error messages Moderate
CVE-2024-47803 was published for org.jenkins-ci.main:jenkins-core (Maven) Oct 2, 2024
The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for... Moderate Unreviewed
CVE-2024-7426 was published Sep 25, 2024
The Custom Post Limits plugin for WordPress is vulnerable to full path disclosure in all versions... Moderate Unreviewed
CVE-2024-6544 was published Sep 13, 2024
An issue has been discovered discovered in GitLab EE/CE affecting all versions starting from 15... Moderate Unreviewed
CVE-2024-5435 was published Sep 12, 2024
A vulnerability was found in erjemin roll_cms up to 1484fe2c4e0805946a7bcf46218509fcb34883a9. It... Moderate Unreviewed
CVE-2024-8571 was published Sep 8, 2024
The Remember Me Controls plugin for WordPress is vulnerable to Full Path Disclosure in all... Moderate Unreviewed
CVE-2024-7415 was published Sep 6, 2024
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Full... Moderate Unreviewed
CVE-2024-6551 was published Aug 29, 2024
Drupal Full Path Disclosure Moderate
CVE-2024-45440 was published for drupal/core (Composer) Aug 29, 2024
cmlara longwave
CKAN may leak Solr credentials via error message in package_search action Moderate
CVE-2024-41674 was published for ckan (pip) Aug 21, 2024
FuhuXia
Umbraco CMS vulnerable to Generation of Error Message Containing Sensitive Information Moderate
CVE-2024-43376 was published for Umbraco.Cms.Api.Management (NuGet) Aug 20, 2024
IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 and IBM Cloud Pak for Security 1.10.0.0... Moderate Unreviewed
CVE-2023-47728 was published Aug 16, 2024
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive... Moderate Unreviewed
CVE-2024-39751 was published Aug 6, 2024
IBM Sterling Partner Engagement Manager 6.2.2 could allow a local attacker to obtain sensitive... Moderate Unreviewed
CVE-2022-35640 was published Jul 17, 2024
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to... Moderate Unreviewed
CVE-2024-39737 was published Jul 15, 2024
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive... Moderate Unreviewed
CVE-2024-35119 was published Jun 30, 2024
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive... Moderate Unreviewed
CVE-2023-50953 was published Jun 30, 2024
IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a... Moderate Unreviewed
CVE-2024-35156 was published Jun 29, 2024
IBM MQ Console 9.3 LTS and 9.3 CD could disclose could allow a remote attacker to obtain... Moderate Unreviewed
CVE-2024-35155 was published Jun 28, 2024
Generation of Error Message Containing Sensitive Information in zsa Moderate
CVE-2024-37162 was published for zsa (npm) Jun 6, 2024
tom-sherman
Argo-cd authenticated users can enumerate clusters by name Moderate
CVE-2024-36106 was published for github.com/argoproj/argo-cd (Go) Jun 6, 2024
crenshaw-dev pasha-codefresh
silverstripe/framework may disclose database credentials during connection failure Moderate
GHSA-m2hh-2m46-x6j5 was published for silverstripe/framework (Composer) May 28, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database