GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
68 advisories
Filter by severity
Logging of the firestore key within nodejs-firestore
Moderate
CVE-2023-6460
was published
for
@google-cloud/firestore
(npm)
Dec 4, 2023
A saved encryption key in the Uninstaller in Digital Guardian's Agent before version 7.9.4 allows...
Moderate
Unreviewed
CVE-2023-6253
was published
Nov 22, 2023
Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1.
Moderate
Unreviewed
CVE-2022-0881
was published
Mar 10, 2022
Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the...
Moderate
Unreviewed
CVE-2022-41320
was published
Sep 25, 2022
A insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control ...
Moderate
Unreviewed
CVE-2022-21823
was published
Jan 11, 2022
An issue existed in the storage of sensitive tokens. This issue was addressed by placing the...
Moderate
Unreviewed
CVE-2017-13909
was published
Dec 24, 2021
USB Pratirodh is prone to sensitive information disclosure. It stores sensitive information such...
Moderate
Unreviewed
CVE-2017-6911
was published
May 13, 2022
SanDisk Secure Access 3.01 vault decrypts and copies encrypted files to a temporary folder, where...
Moderate
Unreviewed
CVE-2017-16560
was published
May 13, 2022
An information disclosure vulnerability in File-Based Encryption could enable a local malicious...
Moderate
Unreviewed
CVE-2017-0493
was published
May 13, 2022
Authentication bypass in Apache Kylin
Moderate
CVE-2020-13937
was published
for
org.apache.kylin:kylin
(Maven)
Feb 10, 2022
IBM Security Directory Server 6.4.0 discloses sensitive information to unauthorized users. The...
Moderate
Unreviewed
CVE-2019-4549
was published
May 24, 2022
Sensitive Data Exposure Due To Insecure Storage Of Profile Image in GitHub repository polonel...
Moderate
Unreviewed
CVE-2022-1044
was published
May 13, 2022
In multiple functions of libl3oemcrypto.cpp, there is a possible weakness in the existing...
Moderate
Unreviewed
CVE-2021-0639
was published
May 24, 2022
In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584).
Moderate
Unreviewed
CVE-2021-38590
was published
May 24, 2022
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special...
Moderate
Unreviewed
CVE-2021-36127
was published
May 24, 2022
Insecure storage of sensitive information has been reported to affect QNAP NAS running...
Moderate
Unreviewed
CVE-2021-28815
was published
May 24, 2022
IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.14 stores...
Moderate
Unreviewed
CVE-2020-5008
was published
May 24, 2022
In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can...
Moderate
Unreviewed
CVE-2020-29603
was published
May 24, 2022
Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated...
Moderate
Unreviewed
CVE-2020-28911
was published
May 24, 2022
There is an information disclosure vulnerability in TE Mobile software versions V600R006C10...
Moderate
Unreviewed
CVE-2020-9202
was published
May 24, 2022
The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store...
Moderate
Unreviewed
CVE-2021-28653
was published
May 24, 2022
Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized...
Moderate
Unreviewed
CVE-2020-27746
was published
May 24, 2022
An authentication bypass in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker...
Moderate
Unreviewed
CVE-2019-19560
was published
May 24, 2022
IBM Workload Automation 9.5 stores sensitive information in HTML comments that could aid in...
Moderate
Unreviewed
CVE-2020-4673
was published
May 24, 2022
IBM Workload Automation 9.5 stores the server path in URLs that could aid in further attacks...
Moderate
Unreviewed
CVE-2020-4674
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API