Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

50 advisories

Loading
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability High Unreviewed
CVE-2024-26192 was published Feb 24, 2024
Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability Moderate Unreviewed
CVE-2024-29986 was published Apr 18, 2024
When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the... Moderate Unreviewed
CVE-2023-34085 was published Oct 25, 2023
A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series... Moderate Unreviewed
CVE-2023-22918 was published Apr 24, 2023
curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information... Moderate Unreviewed
CVE-2021-22876 was published May 24, 2022
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media... High Unreviewed
CVE-2023-2703 was published May 23, 2023
Saleor: Customers' addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method Moderate
CVE-2024-29888 was published for saleor (pip) Mar 28, 2024
A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA),... Moderate Unreviewed
CVE-2022-20942 was published Nov 4, 2022
AsyncSSH Rogue Session Attack High
CVE-2023-46446 was published for asyncssh (pip) Nov 9, 2023
TrueSkrillor lambdafu
Exposure of sensitive information in follow-redirects High
CVE-2022-0155 was published for follow-redirects (npm) Jan 12, 2022
XWiki Platform may show email addresses in clear in REST results High
CVE-2023-35151 was published for org.xwiki.platform:xwiki-platform-rest-server (Maven) Jun 20, 2023
Nautobot vulnerable to exposure of hashed user passwords via REST API High
CVE-2023-46128 was published for nautobot (pip) Oct 24, 2023
Information exposure in microweber Moderate
CVE-2023-2239 was published for microweber/microweber (Composer) Apr 22, 2023
Unauthenticated user can list hidden document from multiple velocity templates in XWiki Moderate
CVE-2022-24820 was published for org.xwiki.platform:xwiki-platform-web (Maven) Apr 8, 2022
Forwarding of confidentials headers to third parties in fluture-node Low
CVE-2022-24719 was published for fluture-node (npm) Mar 1, 2022
Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm Low
CVE-2023-29203 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Apr 12, 2023
There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription... Moderate Unreviewed
CVE-2022-0852 was published Aug 29, 2022
Exposure of Private Personal Information to an Unauthorized Actor in alextselegidis/easyappointments Critical
CVE-2022-0482 was published for alextselegidis/easyappointments (Composer) Mar 10, 2022
Information exposure in elgg High
CVE-2021-3980 was published for elgg/elgg (Composer) Dec 16, 2021
Exposure of Private Personal Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-rest-server Moderate
CVE-2022-41936 was published for org.xwiki.platform:xwiki-platform-rest-server (Maven) Nov 21, 2022
Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier)... Moderate Unreviewed
CVE-2021-28559 was published May 24, 2022
Exposure of password hashes in notrinos/notrinos-erp High
CVE-2022-2921 was published for notrinos/notrinos-erp (Composer) Aug 22, 2022
XWiki Platform Web Templates vulnerable to Missing Authorization, Exposure of Private Personal Information to Unauthorized Actor High
CVE-2022-36091 was published for org.xwiki.platform:xwiki-platform-web (Maven) Sep 16, 2022
Incorrect Authorization in cross-fetch Moderate
CVE-2022-1365 was published for cross-fetch (npm) Apr 17, 2022
cysp
Unauthenticated user can retrieve the list of users through uorgsuggest.vm Moderate
CVE-2022-24819 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Apr 8, 2022
ProTip! Advisories are also available from the GraphQL API