Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,679
Erlang
34
GitHub Actions
26
Go
2,268
Maven
5,000+
npm
3,923
NuGet
705
pip
3,686
Pub
12
RubyGems
916
Rust
944
Swift
38
Unreviewed advisories
All unreviewed
5,000+

39 advisories

Loading
When a Web User without Create permission on subfolders attempts to upload a file to a non... Low Unreviewed
CVE-2025-0049 was published Apr 28, 2025
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive... Low Unreviewed
CVE-2024-55895 was published Mar 29, 2025
In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles... Low Unreviewed
CVE-2025-31141 was published Mar 27, 2025
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed... Low Unreviewed
CVE-2024-56811 was published Feb 27, 2025
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed... Low Unreviewed
CVE-2024-56496 was published Feb 27, 2025
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed... Low Unreviewed
CVE-2024-56493 was published Feb 27, 2025
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed... Low Unreviewed
CVE-2024-56495 was published Feb 27, 2025
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed... Low Unreviewed
CVE-2024-56810 was published Feb 27, 2025
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed... Low Unreviewed
CVE-2024-56494 was published Feb 27, 2025
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed... Low Unreviewed
CVE-2024-56812 was published Feb 27, 2025
The SolarWinds Platform is vulnerable to an information disclosure vulnerability through an error... Low Unreviewed
CVE-2024-52611 was published Feb 11, 2025
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed... Low Unreviewed
CVE-2024-56467 was published Feb 6, 2025
IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote... Low Unreviewed
CVE-2024-45658 was published Feb 4, 2025
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote... Low Unreviewed
CVE-2021-20455 was published Jan 7, 2025
HCL Sametime is impacted by the error messages containing sensitive information. An attacker can... Low Unreviewed
CVE-2023-50355 was published Oct 24, 2024
open-webui allows enumeration of file names and traversal of directories by observing the error messages Low
CVE-2024-7038 was published for open-webui (pip) Oct 9, 2024
druid-pac4j, Apache Druid extension, has Padding Oracle vulnerability Low
CVE-2024-45384 was published for org.apache.druid.extensions:druid-pac4j (Maven) Sep 17, 2024
In versions of Akana API Platform prior to 2024.1.0 overly verbose errors can be found in SAML... Low Unreviewed
CVE-2024-5250 was published Jul 30, 2024
An implementation issue in the Connectivity Standards Alliance Matter 1.2 protocol as used in the... Low Unreviewed
CVE-2024-3454 was published Jul 24, 2024
Exposure of secrets through system log in Jenkins Structs Plugin Low
CVE-2024-39458 was published for org.jenkins-ci.plugins:structs (Maven) Jun 26, 2024
github.com/huandu/facebook may expose access_token in error message. Low
CVE-2024-35232 was published for github.com/huandu/facebook/v2 (Go) May 24, 2024
seiyab
Passbolt Api Retrieval of HTTP-only cookies Low
GHSA-f5pp-pmq8-gp46 was published for passbolt/passbolt_api (Composer) May 20, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote attacker to obtain... Low Unreviewed
CVE-2023-23474 was published May 3, 2024
IBM Security Verify Directory 10.0.0 could allow a remote attacker to obtain sensitive... Low Unreviewed
CVE-2022-32756 was published Mar 22, 2024
In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the... Low Unreviewed
CVE-2023-34339 was published Jun 1, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database