GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
982 advisories
Filter by severity
Information Exposure vulnerability in Galaxy S3 Plugin prior to version 2.2.03.22012751 allows...
Low
Unreviewed
CVE-2022-25826
was published
Mar 11, 2022
Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.22012751 allows...
Low
Unreviewed
CVE-2022-25827
was published
Mar 11, 2022
Information Exposure vulnerability in Watch Active Plugin prior to version 2.2.07.22012751 allows...
Low
Unreviewed
CVE-2022-25828
was published
Mar 11, 2022
Information Exposure vulnerability in Watch Active2 Plugin prior to version 2.2.08.22012751...
Low
Unreviewed
CVE-2022-25829
was published
Mar 11, 2022
Information Exposure vulnerability in Galaxy Watch3 Plugin prior to version 2.2.09.22012751...
Low
Unreviewed
CVE-2022-25830
was published
Mar 11, 2022
Forwarding of confidentials headers to third parties in fluture-node
Low
CVE-2022-24719
was published
for
fluture-node
(npm)
Mar 1, 2022
Full list of recipients from customer users in a contact field could be disclosed in notification...
Low
Unreviewed
CVE-2022-0474
was published
Feb 8, 2022
Comment reply notifications sent to incorrect users
Low
CVE-2022-21683
was published
for
wagtail
(pip)
Jan 21, 2022
In createAdminSupportIntent of DevicePolicyManagerService.java, there is a possible way to...
Low
Unreviewed
CVE-2021-0983
was published
Dec 16, 2021
An improper access control vulnerability in CPLC prior to SMR Dec-2021 Release 1 allows local...
Low
Unreviewed
CVE-2021-25519
was published
Dec 9, 2021
Adding a private/unlisted room to a community exposes room metadata in an unauthorised manner.
Low
CVE-2021-39163
was published
for
matrix-synapse
(pip)
Sep 1, 2021
Improper authorisation of members discloses room membership to non-members
Low
CVE-2021-39164
was published
for
matrix-synapse
(pip)
Sep 1, 2021
User enumeration in authentication mechanisms
Low
GHSA-g2qj-pmxm-9f8f
was published
for
symfony/security-http
(Composer)
May 17, 2021
User enumeration in authentication mechanisms
Low
GHSA-2frx-j9hj-6c65
was published
for
lexik/jwt-authentication-bundle
(Composer)
May 17, 2021
Potential sensitive data exposure in applications using Vaadin 15
Low
CVE-2020-36319
was published
for
com.vaadin:flow-server
(Maven)
Apr 19, 2021
Potential sensitive data exposure in applications using Vaadin 15
Low
GHSA-76f4-fw33-6j2v
was published
for
com.vaadin:vaadin-bom
(Maven)
Apr 19, 2021
User (Encrypted) Password Field Being Serialised
Low
GHSA-7fjp-g4m7-fx23
was published
for
pwweb/laravel-core
(Composer)
Apr 13, 2021
Exposure of Sensitive Information to an Unauthorized Actor in Ansible
Low
CVE-2020-1739
was published
for
ansible
(pip)
Apr 7, 2021
Directory exposure in jetty
Low
CVE-2021-28163
was published
for
org.eclipse.jetty:jetty-deploy
(Maven)
Apr 6, 2021
Information Disclosure in Guava
Low
CVE-2020-8908
was published
for
com.google.guava:guava
(Maven)
Mar 25, 2021
Exposure of Sensitive Information to an Unauthorized Actor in Products.GenericSetup
Low
CVE-2021-21360
was published
for
Products.GenericSetup
(pip)
Mar 9, 2021
Information exposure via query strings in URL
Low
GHSA-cq6h-w3mc-57f4
was published
for
shopware/core
(Composer)
Dec 21, 2020
datasette-graphql leaks details of the schema of private database files
Low
GHSA-74hv-qjjq-h7g5
was published
for
datasette-graphql
(pip)
Nov 24, 2020
ProTip!
Advisories are also available from the
GraphQL API