Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,168
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
832
Swift
35
Unreviewed advisories
All unreviewed
5,000+

52 advisories

Loading
Information exposure in elgg High
CVE-2021-3980 was published for elgg/elgg (Composer) Dec 16, 2021
Exposure of sensitive information in follow-redirects High
CVE-2022-0155 was published for follow-redirects (npm) Jan 12, 2022
Forwarding of confidentials headers to third parties in fluture-node Low
CVE-2022-24719 was published for fluture-node (npm) Mar 1, 2022
Exposure of Private Personal Information to an Unauthorized Actor in alextselegidis/easyappointments Critical
CVE-2022-0482 was published for alextselegidis/easyappointments (Composer) Mar 10, 2022
Unauthenticated user can retrieve the list of users through uorgsuggest.vm Moderate
CVE-2022-24819 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Apr 8, 2022
Unauthenticated user can list hidden document from multiple velocity templates in XWiki Moderate
CVE-2022-24820 was published for org.xwiki.platform:xwiki-platform-web (Maven) Apr 8, 2022
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository gnuboard... High Unreviewed
CVE-2022-1252 was published Apr 12, 2022
Incorrect Authorization in cross-fetch Moderate
CVE-2022-1365 was published for cross-fetch (npm) Apr 17, 2022
cysp
curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information... Moderate Unreviewed
CVE-2021-22876 was published May 24, 2022
Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier)... Moderate Unreviewed
CVE-2021-28559 was published May 24, 2022
Exposure of password hashes in notrinos/notrinos-erp High
CVE-2022-2921 was published for notrinos/notrinos-erp (Composer) Aug 22, 2022
There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription... Moderate Unreviewed
CVE-2022-0852 was published Aug 29, 2022
XWiki Platform Web Templates vulnerable to Missing Authorization, Exposure of Private Personal Information to Unauthorized Actor High
CVE-2022-36091 was published for org.xwiki.platform:xwiki-platform-web (Maven) Sep 16, 2022
A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA),... Moderate Unreviewed
CVE-2022-20942 was published Nov 4, 2022
Exposure of Private Personal Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-rest-server Moderate
CVE-2022-41936 was published for org.xwiki.platform:xwiki-platform-rest-server (Maven) Nov 21, 2022
Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm Low
CVE-2023-29203 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Apr 12, 2023
Information exposure in microweber Moderate
CVE-2023-2239 was published for microweber/microweber (Composer) Apr 22, 2023
A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series... Moderate Unreviewed
CVE-2023-22918 was published Apr 24, 2023
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media... High Unreviewed
CVE-2023-2703 was published May 23, 2023
XWiki Platform may show email addresses in clear in REST results High
CVE-2023-35151 was published for org.xwiki.platform:xwiki-platform-rest-server (Maven) Jun 20, 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15... Moderate Unreviewed
CVE-2023-1936 was published Jul 11, 2023
Sensitive information disclosure due to spell-jacking. The following products are affected:... Moderate Unreviewed
CVE-2023-44156 was published Sep 27, 2023
Sensitive information disclosure due to excessive collection of system information. The following... Low Unreviewed
CVE-2023-44213 was published Oct 6, 2023
Nautobot vulnerable to exposure of hashed user passwords via REST API High
CVE-2023-46128 was published for nautobot (pip) Oct 24, 2023
When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the... Moderate Unreviewed
CVE-2023-34085 was published Oct 25, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database