Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

68 advisories

Loading
Logging of the firestore key within nodejs-firestore Moderate
CVE-2023-6460 was published for @google-cloud/firestore (npm) Dec 4, 2023
A saved encryption key in the Uninstaller in Digital Guardian's Agent before version 7.9.4 allows... Moderate Unreviewed
CVE-2023-6253 was published Nov 22, 2023
Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1. Moderate Unreviewed
CVE-2022-0881 was published Mar 10, 2022
Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the... Moderate Unreviewed
CVE-2022-41320 was published Sep 25, 2022
A insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control ... Moderate Unreviewed
CVE-2022-21823 was published Jan 11, 2022
An issue existed in the storage of sensitive tokens. This issue was addressed by placing the... Moderate Unreviewed
CVE-2017-13909 was published Dec 24, 2021
USB Pratirodh is prone to sensitive information disclosure. It stores sensitive information such... Moderate Unreviewed
CVE-2017-6911 was published May 13, 2022
SanDisk Secure Access 3.01 vault decrypts and copies encrypted files to a temporary folder, where... Moderate Unreviewed
CVE-2017-16560 was published May 13, 2022
An information disclosure vulnerability in File-Based Encryption could enable a local malicious... Moderate Unreviewed
CVE-2017-0493 was published May 13, 2022
Authentication bypass in Apache Kylin Moderate
CVE-2020-13937 was published for org.apache.kylin:kylin (Maven) Feb 10, 2022
IBM Security Directory Server 6.4.0 discloses sensitive information to unauthorized users. The... Moderate Unreviewed
CVE-2019-4549 was published May 24, 2022
Sensitive Data Exposure Due To Insecure Storage Of Profile Image in GitHub repository polonel... Moderate Unreviewed
CVE-2022-1044 was published May 13, 2022
In multiple functions of libl3oemcrypto.cpp, there is a possible weakness in the existing... Moderate Unreviewed
CVE-2021-0639 was published May 24, 2022
In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584). Moderate Unreviewed
CVE-2021-38590 was published May 24, 2022
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special... Moderate Unreviewed
CVE-2021-36127 was published May 24, 2022
Insecure storage of sensitive information has been reported to affect QNAP NAS running... Moderate Unreviewed
CVE-2021-28815 was published May 24, 2022
IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.14 stores... Moderate Unreviewed
CVE-2020-5008 was published May 24, 2022
In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can... Moderate Unreviewed
CVE-2020-29603 was published May 24, 2022
Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated... Moderate Unreviewed
CVE-2020-28911 was published May 24, 2022
There is an information disclosure vulnerability in TE Mobile software versions V600R006C10... Moderate Unreviewed
CVE-2020-9202 was published May 24, 2022
The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store... Moderate Unreviewed
CVE-2021-28653 was published May 24, 2022
Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized... Moderate Unreviewed
CVE-2020-27746 was published May 24, 2022
An authentication bypass in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker... Moderate Unreviewed
CVE-2019-19560 was published May 24, 2022
IBM Workload Automation 9.5 stores sensitive information in HTML comments that could aid in... Moderate Unreviewed
CVE-2020-4673 was published May 24, 2022
IBM Workload Automation 9.5 stores the server path in URLs that could aid in further attacks... Moderate Unreviewed
CVE-2020-4674 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database