GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
8,867 advisories
An information exposure vulnerability exists in the Palo Alto Networks GlobalProtect app on...
Moderate | Unreviewed | CVE-2022-0018 was published Feb 11, 2022

A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow...
Moderate | Unreviewed | CVE-2022-20680 was published Feb 11, 2022

Insecure template handling in Express-handlebars
High | CVE-2021-32820 was published for express-handlebars (npm) Feb 10, 2022

Apache CXF JMX Integration is vulnerable to a MITM attack
Moderate | CVE-2020-1954 was published for org.apache.cxf:cxf-rt-management (Maven) Feb 10, 2022

Exposure of Sensitive Information to an Unauthorized Actor in Concord
High | CVE-2020-10591 was published for com.walmartlabs.concord.docker:concord-common (Maven) Feb 10, 2022

AMD EPYC™ Processors contain an information disclosure vulnerability in the Secure Encrypted...
Moderate | Unreviewed | CVE-2020-12966 was published Feb 10, 2022

IBM OPENBMC OP920, OP930, and OP940 could allow an unauthenticated user to obtain sensitive...
High | Unreviewed | CVE-2021-38960 was published Feb 10, 2022

Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects
Moderate | CVE-2022-0536 was published for follow-redirects (npm) Feb 10, 2022

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS...
High | Unreviewed | CVE-2021-40360 was published Feb 10, 2022

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
Moderate | CVE-2020-13943 was published for org.apache.tomcat:tomcat-coyote (Maven) Feb 9, 2022

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
High | CVE-2020-17527 was published for org.apache.tomcat:tomcat-coyote (Maven) Feb 9, 2022

Credentials bypass in Apache Druid
Moderate | CVE-2020-1958 was published for org.apache.druid:druid (Maven) Feb 9, 2022

Information exposure in xwiki-platform
Moderate | CVE-2022-23619 was published for org.xwiki.platform:xwiki-platform-web (Maven) Feb 9, 2022

Apache Hive Information Exposure and Observable Timing Discrepancy
Moderate | CVE-2020-1926 was published for org.apache.hive:hive (Maven) Feb 9, 2022

Unauthorized access to Class instance in Jinjava
Moderate | CVE-2020-12668 was published for com.hubspot.jinjava:jinjava (Maven) Feb 9, 2022

Exposure of sensitive information to an unauthorized actor vulnerability in Web Server in...
High | Unreviewed | CVE-2022-22680 was published Feb 8, 2022

XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries....
High | Unreviewed | CVE-2022-23320 was published Feb 8, 2022

Full list of recipients from customer users in a contact field could be disclosed in notification...
Low | Unreviewed | CVE-2022-0474 was published Feb 8, 2022

Cookie and header exposure in twisted
High | CVE-2022-21712 was published for twisted (pip) Feb 7, 2022

Path traversal and dereference of symlinks in Argo CD
High | CVE-2022-24348 was published for github.com/argoproj/argo-cd (Go) Feb 7, 2022

Hadoop token in temp file visible to all users in Apache Gobblin
Moderate | CVE-2021-36151 was published for org.apache.gobblin:gobblin-core (Maven) Feb 6, 2022

Unsafe handling of user-specified cookies in treq
Moderate | CVE-2022-23607 was published for treq (pip) Feb 1, 2022

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that...
High | Unreviewed | CVE-2021-22825 was published Jan 29, 2022

A CWE-200: Information Exposure vulnerability exists which could cause the troubleshooting...
Moderate | Unreviewed | CVE-2021-22815 was published Jan 29, 2022

Information Exposure vulnerability in Hitachi Energy LinkOne application, due to a...
High | Unreviewed | CVE-2021-40340 was published Jan 29, 2022