GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
55 advisories
Filter by severity
In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies
Moderate
Unreviewed
CVE-2024-56353
was published
Dec 20, 2024
Profile files from TRO600 series radios are extracted in plain-text
and encrypted file formats....
Low
Unreviewed
CVE-2024-41156
was published
Oct 29, 2024
In the Linux kernel, the following vulnerability has been resolved:
net: ethernet: lantiq_etop:...
High
Unreviewed
CVE-2024-49997
was published
Oct 21, 2024
Windows Kernel-Mode Driver Information Disclosure Vulnerability
Moderate
Unreviewed
CVE-2024-43554
was published
Oct 8, 2024
A low privileged remote attacker can get access to CSRF tokens of higher privileged users which...
Moderate
Unreviewed
CVE-2024-7698
was published
Sep 10, 2024
Apache StreamPark: Information leakage vulnerability
Moderate
CVE-2024-29120
was published
for
org.apache.streampark:streampark
(Maven)
Jul 17, 2024
Improper removal of sensitive information in data source export feature in Devolutions Remote...
Moderate
Unreviewed
CVE-2024-6055
was published
Jun 17, 2024
An improper removal of sensitive information before storage or transfer vulnerability [CWE-212]...
Moderate
Unreviewed
CVE-2024-31493
was published
Jun 3, 2024
Information disclosure in podman
Moderate
CVE-2020-14370
was published
for
github.com/containers/podman/v2
(Go)
Apr 24, 2024
Sensitive query parameters logged by default in OpenTelemetry.Instrumentation http and AspNetCore
Moderate
CVE-2024-32028
was published
for
OpenTelemetry.Instrumentation.AspNetCore
(NuGet)
Apr 12, 2024
Information management vulnerability in the Gallery module.Successful exploitation of this...
High
Unreviewed
CVE-2023-52376
was published
Feb 18, 2024
Sensitive information uncleared after debug/power state transition in the Controller 6000 could...
Low
Unreviewed
CVE-2023-41967
was published
Dec 19, 2023
A known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB,...
Moderate
Unreviewed
CVE-2023-3006
was published
May 31, 2023
A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks...
Moderate
Unreviewed
CVE-2023-1637
was published
Mar 28, 2023
usememos/memos may leak user information to an authenticated user
Moderate
CVE-2022-4734
was published
for
github.com/usememos/memos
(Go)
Dec 27, 2022
Wasmtime may have data leakage between instances in the pooling allocator
High
CVE-2022-39393
was published
for
wasmtime
(Rust)
Nov 10, 2022
A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a...
Moderate
Unreviewed
CVE-2022-0171
was published
Aug 27, 2022
Cockpit Content Platform vulnerable to 2FA bypass
High
CVE-2022-2818
was published
for
cockpit-hq/cockpit
(Composer)
Aug 16, 2022
Slack Morphism for Rust before 0.41.0 can leak Slack OAuth client information in application debug logs
High
CVE-2022-31162
was published
for
slack-morphism
(Rust)
Jul 20, 2022
AMD microprocessor families 15h to 18h are affected by a new Spectre variant that is able to...
Moderate
Unreviewed
CVE-2022-29900
was published
Jul 13, 2022
Protected fields exposed via LiveQuery
High
CVE-2022-31112
was published
for
parse-server
(npm)
Jul 6, 2022
CURLOPT_HTTPAUTH option not cleared on change of origin
High
CVE-2022-31090
was published
for
guzzlehttp/guzzle
(Composer)
Jun 21, 2022
Vulnerability of residual files not being deleted after an update in the ChinaDRM module....
High
Unreviewed
CVE-2021-46813
was published
Jun 14, 2022
Failure to strip the Cookie header on change in host or HTTP downgrade
High
CVE-2022-31042
was published
for
guzzlehttp/guzzle
(Composer)
Jun 9, 2022
Fix failure to strip Authorization header on HTTP downgrade
High
CVE-2022-31043
was published
for
guzzlehttp/guzzle
(Composer)
Jun 9, 2022
ProTip!
Advisories are also available from the
GraphQL API