Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

169 advisories

Loading
Northern.tech CFEngine Enterprise 3.12.1 has Insecure Permissions. High Unreviewed
CVE-2019-9929 was published May 24, 2022
Sony Bravia Smart TV devices allow remote attackers to retrieve the static Wi-Fi password (used... High Unreviewed
CVE-2019-11336 was published May 24, 2022
ProjectSend before r1070 writes user passwords to the server logs. High Unreviewed
CVE-2019-11492 was published May 24, 2022
aquaverde Aquarius CMS through 4.3.5 allows Information Exposure through Log Files because of an... High Unreviewed
CVE-2019-9724 was published May 24, 2022
aquaverde Aquarius CMS through 4.3.5 writes POST and GET parameters (including passwords) to a... High Unreviewed
CVE-2019-9734 was published May 24, 2022
In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s... High Unreviewed
CVE-2019-6157 was published May 24, 2022
MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8... High Unreviewed
CVE-2015-8977 was published May 17, 2022
An issue was discovered in Moxa EDR-810 Industrial Secure Router. By accessing a specific uniform... High Unreviewed
CVE-2016-8346 was published May 17, 2022
An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and... High Unreviewed
CVE-2016-9344 was published May 17, 2022
An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016... High Unreviewed
CVE-2017-5153 was published May 17, 2022
The iThemes Security plugin before 6.9.1 for WordPress does not properly perform data escaping... High Unreviewed
CVE-2018-7433 was published May 14, 2022
django-anymail Includes Sensitive Information in Log Files High
CVE-2018-1000089 was published for django-anymail (pip) May 14, 2022
westonsteimel
GreenCMS 2.3.0603 allows remote attackers to obtain sensitive information via a direct request... High Unreviewed
CVE-2018-12604 was published May 14, 2022
Pivotal Cloud Cache, versions prior to 1.3.1, prints a superuser password in plain text during... High Unreviewed
CVE-2018-1198 was published May 14, 2022
An Information Exposure Through Log Files issue was discovered in Citrix SD-WAN 10.1.0 and... High Unreviewed
CVE-2018-17447 was published May 14, 2022
Incorrect access control in the /mysql/api/logfile.php endpoint in Drobo 5N2 NAS version 4.0.5-13... High Unreviewed
CVE-2018-14700 was published May 14, 2022
HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or... High Unreviewed
CVE-2018-19786 was published May 14, 2022
An information disclosure vulnerability exists in the way Azure IoT Java SDK logs sensitive... High Unreviewed
CVE-2019-0741 was published May 14, 2022
In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information... High Unreviewed
CVE-2017-15572 was published May 14, 2022
In Webgalamb through 7.0, log files are exposed to the internet with predictable files/logs... High Unreviewed
CVE-2018-19513 was published May 14, 2022
A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x,... High Unreviewed
CVE-2018-19865 was published May 14, 2022
inc/logger.php in the Giribaz File Manager plugin before 5.0.2 for WordPress logged activity... High Unreviewed
CVE-2018-7204 was published May 13, 2022
VMware Horizon View Agents (7.x.x before 7.5.1) contain a local information disclosure... High Unreviewed
CVE-2018-6971 was published May 13, 2022
Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the... High Unreviewed
CVE-2018-16889 was published May 13, 2022
An information disclosure in ovirt-hosted-engine-setup prior to 2.2.7 reveals the root user's... High Unreviewed
CVE-2018-1000018 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database