Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

742 advisories

Loading
An issue was discovered in Couchbase Server before 7.0.4. A private key is leaked to the log... High Unreviewed
CVE-2022-32556 was published Jul 22, 2022
In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in... Moderate Unreviewed
CVE-2022-36321 was published Jul 21, 2022
VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged... Moderate Unreviewed
CVE-2022-31674 was published Aug 11, 2022
An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016... High Unreviewed
CVE-2017-5153 was published May 17, 2022
An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and... High Unreviewed
CVE-2016-9344 was published May 17, 2022
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially sensitive information in in log... Moderate Unreviewed
CVE-2016-8912 was published May 17, 2022
IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive... Low Unreviewed
CVE-2016-0296 was published May 17, 2022
MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8... High Unreviewed
CVE-2015-8977 was published May 17, 2022
A cleartext storage of sensitive information exists in Rocket.Chat <v4.6.4 due to Oauth token... Moderate Unreviewed
CVE-2022-32217 was published Sep 25, 2022
next-auth before v4.10.2 and v3.29.9 leaks excessive information into log Low
CVE-2022-31186 was published for next-auth (npm) Aug 6, 2022
ShuPink
check-spelling workflow vulnerable to token leakage via symlink attack Critical
CVE-2021-32724 was published for check-spelling/check-spelling (GitHub Actions) Jul 29, 2022
justinsteven
IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by... Low Unreviewed
CVE-2016-2943 was published May 17, 2022
IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to obtain sensitive... Moderate Unreviewed
CVE-2016-2928 was published May 17, 2022
The installation component in IBM Rational Asset Analyzer (RAA) 6.1.0 before FP10 allows local... Moderate Unreviewed
CVE-2016-5967 was published May 17, 2022
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 stores potentially sensitive... Moderate Unreviewed
CVE-2021-39011 was published Jan 20, 2023
IBM MQ Internet Pass-Thru 2.1, 9.2 LTS and 9.2 CD stores potentially sensitive information in... Moderate Unreviewed
CVE-2022-35719 was published Nov 14, 2022
Information Exposure Through Log Files vulnerability discovered in Foundry when logs were... High Unreviewed
CVE-2022-27895 was published Nov 16, 2022
Information Exposure Through Log Files vulnerability discovered in Foundry Code-Workbooks where... High Unreviewed
CVE-2022-27896 was published Nov 15, 2022
Traefik may display authorization header in the debug logs Low
CVE-2022-23469 was published for github.com/traefik/traefik/v2 (Go) Dec 8, 2022
Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The... Moderate Unreviewed
CVE-2022-33187 was published Dec 9, 2022
A vulnerability in the logging component of Cisco Adaptive Security Device Manager (ASDM) could... Moderate Unreviewed
CVE-2022-20651 was published Jun 23, 2022
A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could... Moderate Unreviewed
CVE-2019-1953 was published May 24, 2022
In Accounts, there is a possible way to write sensitive information to the system log due to... Moderate Unreviewed
CVE-2022-20278 was published Aug 13, 2022
Swann SWWHD-INTCAM-HD devices leave the PSK in logs after a factory reset. Moderate Unreviewed
CVE-2018-20956 was published May 24, 2022
A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s... Moderate Unreviewed
CVE-2022-28625 was published Sep 1, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database