GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
175 advisories
Ansible Uses Plugins That Disclose Credentials
High | CVE-2019-14846 was published for ansible (pip) May 24, 2022

BIG-IP APM Edge Client before version 7.1.8 (7180.2019.508.705) logs the full apm session ID in...
High | Unreviewed | CVE-2019-6656 was published May 24, 2022

VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j)...
High | Unreviewed | CVE-2019-5532 was published May 24, 2022

Secret insertion into debug log in Docker
High | CVE-2019-13509 was published for github.com/docker/docker (Go) May 24, 2022

Cloud Foundry BOSH 267.x versions prior to v267.14.0, and BOSH 270.x versions prior to v270.1.1,...
High | Unreviewed | CVE-2019-11271 was published May 24, 2022

Northern.tech CFEngine Enterprise 3.12.1 has Insecure Permissions.
High | Unreviewed | CVE-2019-9929 was published May 24, 2022

Sony Bravia Smart TV devices allow remote attackers to retrieve the static Wi-Fi password (used...
High | Unreviewed | CVE-2019-11336 was published May 24, 2022

ProjectSend before r1070 writes user passwords to the server logs.
High | Unreviewed | CVE-2019-11492 was published May 24, 2022

aquaverde Aquarius CMS through 4.3.5 allows Information Exposure through Log Files because of an...
High | Unreviewed | CVE-2019-9724 was published May 24, 2022

aquaverde Aquarius CMS through 4.3.5 writes POST and GET parameters (including passwords) to a...
High | Unreviewed | CVE-2019-9734 was published May 24, 2022

In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s...
High | Unreviewed | CVE-2019-6157 was published May 24, 2022

MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8...
High | Unreviewed | CVE-2015-8977 was published May 17, 2022

An issue was discovered in Moxa EDR-810 Industrial Secure Router. By accessing a specific uniform...
High | Unreviewed | CVE-2016-8346 was published May 17, 2022

An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and...
High | Unreviewed | CVE-2016-9344 was published May 17, 2022

An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016...
High | Unreviewed | CVE-2017-5153 was published May 17, 2022

The iThemes Security plugin before 6.9.1 for WordPress does not properly perform data escaping...
High | Unreviewed | CVE-2018-7433 was published May 14, 2022

GreenCMS 2.3.0603 allows remote attackers to obtain sensitive information via a direct request...
High | Unreviewed | CVE-2018-12604 was published May 14, 2022

Pivotal Cloud Cache, versions prior to 1.3.1, prints a superuser password in plain text during...
High | Unreviewed | CVE-2018-1198 was published May 14, 2022

An Information Exposure Through Log Files issue was discovered in Citrix SD-WAN 10.1.0 and...
High | Unreviewed | CVE-2018-17447 was published May 14, 2022

Incorrect access control in the /mysql/api/logfile.php endpoint in Drobo 5N2 NAS version 4.0.5-13...
High | Unreviewed | CVE-2018-14700 was published May 14, 2022

HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or...
High | Unreviewed | CVE-2018-19786 was published May 14, 2022

An information disclosure vulnerability exists in the way Azure IoT Java SDK logs sensitive...
High | Unreviewed | CVE-2019-0741 was published May 14, 2022

In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information...
High | Unreviewed | CVE-2017-15572 was published May 14, 2022

In Webgalamb through 7.0, log files are exposed to the internet with predictable files/logs...
High | Unreviewed | CVE-2018-19513 was published May 14, 2022

A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x,...
High | Unreviewed | CVE-2018-19865 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API.