Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

41 advisories

Loading
Umbraco CMS vulnerable to Generation of Error Message Containing Sensitive Information Moderate
CVE-2024-43376 was published for Umbraco.Cms.Api.Management (NuGet) Aug 20, 2024
Sensitive Information in Error Messages in Apache Airflow Moderate
CVE-2023-25695 was published for apache-airflow (pip) Mar 15, 2023
Ansible discloses sensitive information in traceback error message Moderate
CVE-2021-3620 was published for ansible (pip) Mar 4, 2022
jhutchings1
CKAN may leak Solr credentials via error message in package_search action Moderate
CVE-2024-41674 was published for ckan (pip) Aug 21, 2024
FuhuXia
Path traversal allows leaking out-of-bound files from Argo CD repo-server Moderate
CVE-2022-24731 was published for github.com/argoproj/argo-cd (Go) Mar 24, 2022
alexmt
Grafana User enumeration via forget password Moderate
CVE-2022-39307 was published for github.com/grafana/grafana (Go) May 14, 2024
Generation of Error Message Containing Sensitive Information in zsa Moderate
CVE-2024-37162 was published for zsa (npm) Jun 6, 2024
tom-sherman
Argo-cd authenticated users can enumerate clusters by name Moderate
CVE-2024-36106 was published for github.com/argoproj/argo-cd (Go) Jun 6, 2024
crenshaw-dev pasha-codefresh
silverstripe/framework may disclose database credentials during connection failure Moderate
GHSA-m2hh-2m46-x6j5 was published for silverstripe/framework (Composer) May 28, 2024
Google Sheets data source plugin for Grafana information disclosure vulnerability Moderate
CVE-2023-4457 was published for github.com/grafana/google-sheets-datasource (Go) Oct 16, 2023
Path Disclosure within joomla/filesystem class Moderate
CVE-2022-23794 was published for joomla/filesystem (Composer) Mar 31, 2022
OpenStack Nova Server Resource Faults Leak External Exception Details Moderate
CVE-2019-14433 was published for nova (pip) May 24, 2022
Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information Moderate
CVE-2024-21733 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jan 19, 2024
westonsteimel
Exceptions displayed in non-debug configurations in Symfony Moderate
CVE-2020-5274 was published for symfony/error-handler (Composer) Mar 30, 2020
yceruto jderusse
LukaSikic
jupyter-server errors include tracebacks with path information Moderate
CVE-2023-49080 was published for jupyter-server (pip) Dec 5, 2023
krsecu
pimcore/admin-ui-classic-bundle Full Path Disclosure via re-export document Moderate
CVE-2023-47636 was published for pimcore/admin-ui-classic-bundle (Composer) Nov 15, 2023
xcapri
Apache Superset may expose internal traces on REST API endpoints Moderate
CVE-2023-39264 was published for apache-superset (pip) Sep 6, 2023
Jenkins Folders Plugin information disclosure vulnerability Moderate
CVE-2023-40338 was published for org.jenkins-ci.plugins:cloudbees-folder (Maven) Aug 16, 2023
User account enumeration in Serenity Moderate
CVE-2023-31286 was published for Serenity.Net.Core (NuGet) Apr 27, 2023
ghinstallation returns app JWT in error responses Moderate
CVE-2022-39304 was published for github.com/bradleyfalzon/ghinstallation (Go) Dec 19, 2022
Miskerest
Diavante vue-storefront-api and storefront-api disclose stack trace Moderate
CVE-2020-11883 was published for storefront-api (npm) May 24, 2022
Eclipse Jetty Server generates error message containing sensitive information Moderate
CVE-2018-12536 was published for org.eclipse.jetty:jetty-server (Maven) Oct 19, 2018
joshbressers
Weblate user account enumeration via reset password form Moderate
CVE-2017-5537 was published for weblate (pip) May 17, 2022
Insertion of Sensitive Information into Log File in typo3/cms-core Moderate
CVE-2022-31047 was published for typo3/cms (Composer) Jun 17, 2022
mhuber84 derhansen
Kirby CMS vulnerable to user enumeration in the brute force protection Moderate
CVE-2022-39315 was published for getkirby/cms (Composer) Oct 18, 2022
ProTip! Advisories are also available from the GraphQL API