Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,300
Erlang
31
GitHub Actions
21
Go
2,069
Maven
5,000+
npm
3,744
NuGet
668
pip
3,429
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+

753 advisories

Loading
An issue was discovered in Zoho ManageEngine Desktop Central before 100251. By leveraging access... Critical Unreviewed
CVE-2018-11717 was published May 14, 2022
An issue was discovered in Zoho ManageEngine Desktop Central before 100230. There is... Critical Unreviewed
CVE-2018-11716 was published May 14, 2022
Under certain circumstances SAP Dynamic Authorization Management (DAM) by NextLabs (Java Policy... Moderate Unreviewed
CVE-2018-2440 was published May 14, 2022
The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel... Moderate Unreviewed
CVE-2017-5549 was published May 14, 2022
GreenCMS 2.3.0603 allows remote attackers to obtain sensitive information via a direct request... High Unreviewed
CVE-2018-12604 was published May 14, 2022
In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target... Critical Unreviewed
CVE-2018-11320 was published May 14, 2022
An issue was discovered in the WP Security Audit Log plugin 3.1.1 for WordPress. Access to wp... Moderate Unreviewed
CVE-2018-8719 was published May 14, 2022
Ionic Team Cordova plugin iOS Keychain version before commit... Critical Unreviewed
CVE-2018-1000123 was published May 14, 2022
django-anymail Includes Sensitive Information in Log Files Critical
CVE-2018-1000089 was published for django-anymail (pip) May 14, 2022
westonsteimel
The iThemes Security plugin before 6.9.1 for WordPress does not properly perform data escaping... High Unreviewed
CVE-2018-7433 was published May 14, 2022
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error... Moderate Unreviewed
CVE-2017-1727 was published May 14, 2022
OpenStack Nova logs sensitive context from notification exceptions Critical
CVE-2017-7214 was published for nova (pip) May 14, 2022
The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the... Moderate Unreviewed
CVE-2017-16946 was published May 17, 2022
Mahara Mobile before 1.2.1 is vulnerable to passwords being sent to the Mahara access log in... Critical Unreviewed
CVE-2017-1000171 was published May 17, 2022
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5... Critical Unreviewed
CVE-2017-6165 was published May 17, 2022
The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x... Moderate Unreviewed
CVE-2017-0380 was published May 17, 2022
rsyslog uses weak permissions for generating log files, which allows local users to obtain... Moderate Unreviewed
CVE-2015-3243 was published May 17, 2022
On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "Switch Info" log... Critical Unreviewed
CVE-2017-8075 was published May 17, 2022
On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "SEND data" log... Critical Unreviewed
CVE-2017-8074 was published May 17, 2022
IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be... Moderate Unreviewed
CVE-2016-9985 was published May 17, 2022
An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016... High Unreviewed
CVE-2017-5153 was published May 17, 2022
Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may... Critical Unreviewed
CVE-2016-8233 was published May 17, 2022
An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and... High Unreviewed
CVE-2016-9344 was published May 17, 2022
An issue was discovered in Moxa EDR-810 Industrial Secure Router. By accessing a specific uniform... High Unreviewed
CVE-2016-8346 was published May 17, 2022
An issue was discovered on SendQuick Entera and Avera devices before 2HF16. An attacker could... Moderate Unreviewed
CVE-2017-5137 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database