GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,666 advisories
An information disclosure vulnerability in the login page of Huntflow Enterprise before 3.10.4...
Severity: High. Unreviewed. CVE-2021-37935 was published on Dec 11, 2021.

Improper Removal of Sensitive Information Before Storage or Transfer in Apache Jackrabbit Oak
Severity: High. CVE-2020-1940 was published for org.apache.jackrabbit:oak-core (Maven) on Dec 10, 2021.

There is an Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Huawei...
Severity: High. Unreviewed. CVE-2021-37067 was published on Dec 8, 2021.

An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. The bucket credentials...
Severity: High. Unreviewed. CVE-2021-43963 was published on Dec 8, 2021.

The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A...
Severity: High. Unreviewed. CVE-2021-21980 was published on Nov 25, 2021.

There is an Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Huawei...
Severity: High. Unreviewed. CVE-2021-37010 was published on Nov 24, 2021.

Unrestricted access to predictable file paths in hov/jobfair
Severity: High. CVE-2021-43564 was published for hov/jobfair (Composer) on Nov 15, 2021.

Exposure of Sensitive Information to an Unauthorized Actor in ansible
Severity: High. CVE-2019-10217 was published for ansible (pip) on Oct 12, 2021.

Splash authentication credentials potentially leaked to target websites
Severity: High. CVE-2021-41124 was published for scrapy-splash (pip) on Oct 6, 2021.

Sylius PayPal Plugin allows unauthorized access to Credit card form, exposing payer name and not requiring 3DS
Severity: High. CVE-2021-41120 was published for sylius/paypal-plugin (Composer) on Oct 6, 2021.

LiveQuery publishes user session tokens in parse-server
Severity: High. CVE-2021-41109 was published for parse-server (npm) on Sep 30, 2021.

Exposure of Sensitive Information to an Unauthorized Actor in Apache Santuario
Severity: High. CVE-2021-40690 was published for org.apache.santuario:xmlsec (Maven) on Sep 20, 2021.

Any storage file can be downloaded from p.sh if full server path is known
Severity: High. GHSA-2rh5-jvgx-pgw3 was published for ezsystems/ezplatform (Composer) on Sep 14, 2021.

Any storage file can be downloaded from p.sh if full server path is known
Severity: High. GHSA-gqcf-83rq-gpfr was published for ibexa/post-install (Composer) on Sep 14, 2021.

Exposure of Sensitive Information to an Unauthorized Actor
Severity: High. CVE-2021-32717 was published for shopware/platform (Composer) on Sep 8, 2021.

Basic-auth app bundle credential exposure in gatsby-source-wordpress
Severity: High. CVE-2021-32770 was published for gatsby-source-wordpress (npm) on Jul 19, 2021.

Private files publicly accessible with Cloud Storage providers
Severity: High. GHSA-vrf2-xghr-j52v was published for shopware/core (Composer) on Jun 28, 2021.

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
Severity: High. CVE-2021-25122 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) on Jun 16, 2021.

Exposure of Sensitive Information to an Unauthorized Actor in foreman_fog_proxmox
Severity: High. CVE-2021-20259 was published for foreman_fog_proxmox (RubyGems) on Jun 10, 2021.

Exposure of sensitive information to an unauthorized actor in HyperKitty
Severity: High. CVE-2021-33038 was published for HyperKitty (pip) on Jun 1, 2021.

Lookup function information disclosure in helm
Severity: High. CVE-2020-11013 was published for helm.sh/helm/v3 (Go) on May 27, 2021.

Private Field data leak
Severity: High. CVE-2021-32624 was published for @keystonejs/keystone (npm) on May 27, 2021.

Potential memory exposure in dns-packet
Severity: High. CVE-2021-23386 was published for dns-packet (npm) on May 24, 2021.

Information Disclosure in HashiCorp Vault
Severity: High. CVE-2020-13223 was published for github.com/hashicorp/vault (Go) on May 18, 2021.

Insecure template handling in Squirrelly
Severity: High. CVE-2021-32819 was published for squirrelly (npm) on May 17, 2021.