GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
303 advisories
Filter by severity
The BGP daemon in Extreme Networks ExtremeXOS (aka EXOS) 30.7.1.1 allows an attacker (who is not...
Unknown
Unreviewed
CVE-2023-40457
was published
Nov 11, 2024
HCL BigFix Compliance is vulnerable to the generation of error messages containing sensitive...
Moderate
Unreviewed
CVE-2024-30141
was published
Nov 7, 2024
This vulnerability exists in the Wave 2.0 due to improper exception handling for invalid inputs...
High
Unreviewed
CVE-2024-51560
was published
Nov 4, 2024
An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api...
High
Unreviewed
CVE-2024-39719
was published
Oct 31, 2024
Generation of Error Message Containing Sensitive Information vulnerability in Posti Posti...
Moderate
Unreviewed
CVE-2024-50512
was published
Oct 30, 2024
HCL Sametime is impacted by the error messages containing sensitive information. An attacker can...
Low
Unreviewed
CVE-2023-50355
was published
Oct 24, 2024
SolarWinds Kiwi CatTools is susceptible to a sensitive data disclosure vulnerability when a non...
Moderate
Unreviewed
CVE-2024-45713
was published
Oct 17, 2024
A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows...
Moderate
Unreviewed
CVE-2024-44762
was published
Oct 16, 2024
open-webui allows enumeration of file names and traversal of directories by observing the error messages
Low
CVE-2024-7038
was published
for
open-webui
(pip)
Oct 9, 2024
Jenkins exposes multi-line secrets through error messages
Moderate
CVE-2024-47803
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Oct 2, 2024
The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for...
Moderate
Unreviewed
CVE-2024-7426
was published
Sep 25, 2024
The Custom Post Limits plugin for WordPress is vulnerable to full path disclosure in all versions...
Moderate
Unreviewed
CVE-2024-6544
was published
Sep 13, 2024
An issue has been discovered discovered in GitLab EE/CE affecting all versions starting from 15...
Moderate
Unreviewed
CVE-2024-5435
was published
Sep 12, 2024
A vulnerability was found in erjemin roll_cms up to 1484fe2c4e0805946a7bcf46218509fcb34883a9. It...
Moderate
Unreviewed
CVE-2024-8571
was published
Sep 8, 2024
The Remember Me Controls plugin for WordPress is vulnerable to Full Path Disclosure in all...
Moderate
Unreviewed
CVE-2024-7415
was published
Sep 6, 2024
Drupal Full Path Disclosure
Moderate
CVE-2024-45440
was published
for
drupal/core
(Composer)
Aug 29, 2024
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Full...
Moderate
Unreviewed
CVE-2024-6551
was published
Aug 29, 2024
CKAN may leak Solr credentials via error message in package_search action
Moderate
CVE-2024-41674
was published
for
ckan
(pip)
Aug 21, 2024
Umbraco CMS vulnerable to Generation of Error Message Containing Sensitive Information
Moderate
CVE-2024-43376
was published
for
Umbraco.Cms.Api.Management
(NuGet)
Aug 20, 2024
IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 and IBM Cloud Pak for Security 1.10.0.0...
Moderate
Unreviewed
CVE-2023-47728
was published
Aug 16, 2024
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive...
Moderate
Unreviewed
CVE-2024-39751
was published
Aug 6, 2024
Juju's unprivileged user running on charm node can leak any secret or relation data accessible to the local charm
High
GHSA-6vjm-54vp-mxhx
was published
for
github.com/juju/juju
(Go)
Aug 5, 2024
A verbose error handling issue in the proxy service implemented in the GravityZone Update Server...
Critical
Unreviewed
CVE-2024-6980
was published
Jul 31, 2024
In versions of Akana API Platform prior to 2024.1.0 overly verbose errors can be found in SAML...
Low
Unreviewed
CVE-2024-5250
was published
Jul 30, 2024
Duplicate Advisory: Juju leaks of the sensitive context ID
High
GHSA-8c64-q78q-87r6
was published
for
github.com/juju/juju
(Go)
Jul 29, 2024
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API