Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,681
Erlang
29
GitHub Actions
16
Go
1,707
Maven
4,941
npm
3,473
NuGet
603
pip
2,993
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

46 advisories

Information disclosure in podman Moderate
CVE-2020-14370 was published for github.com/containers/podman/v2 (Go) Apr 24, 2024
Sensitive query parameters logged by default in OpenTelemetry.Instrumentation http and AspNetCore Moderate
CVE-2024-32028 was published for OpenTelemetry.Instrumentation.AspNetCore (NuGet) Apr 12, 2024
IlyaGrebnov
Sensitive information uncleared after debug/power state transition in the Controller 6000 could... Low Unreviewed
CVE-2023-41967 was published Dec 19, 2023
A known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB,... Moderate Unreviewed
CVE-2023-3006 was published May 31, 2023
A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks... Moderate Unreviewed
CVE-2023-1637 was published Mar 28, 2023
usememos/memos may leak user information to an authenticated user Moderate
CVE-2022-4734 was published for github.com/usememos/memos (Go) Dec 27, 2022
Wasmtime may have data leakage between instances in the pooling allocator High
CVE-2022-39393 was published for wasmtime (Rust) Nov 10, 2022
alexcrichton
A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a... Moderate Unreviewed
CVE-2022-0171 was published Aug 27, 2022
Cockpit Content Platform vulnerable to 2FA bypass High
CVE-2022-2818 was published for cockpit-hq/cockpit (Composer) Aug 16, 2022
Slack Morphism for Rust before 0.41.0 can leak Slack OAuth client information in application debug logs High
CVE-2022-31162 was published for slack-morphism (Rust) Jul 20, 2022
tdunlap607
AMD microprocessor families 15h to 18h are affected by a new Spectre variant that is able to... Moderate Unreviewed
CVE-2022-29900 was published Jul 13, 2022
Protected fields exposed via LiveQuery High
CVE-2022-31112 was published for parse-server (npm) Jul 6, 2022
CURLOPT_HTTPAUTH option not cleared on change of origin High
CVE-2022-31090 was published for guzzlehttp/guzzle (Composer) Jun 21, 2022
Vulnerability of residual files not being deleted after an update in the ChinaDRM module.... High Unreviewed
CVE-2021-46813 was published Jun 14, 2022
Failure to strip the Cookie header on change in host or HTTP downgrade High
CVE-2022-31042 was published for guzzlehttp/guzzle (Composer) Jun 9, 2022
GrahamCampbell am0o0
Fix failure to strip Authorization header on HTTP downgrade High
CVE-2022-31043 was published for guzzlehttp/guzzle (Composer) Jun 9, 2022
GrahamCampbell
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository polonel/trudesk... Moderate Unreviewed
CVE-2022-1893 was published Jun 1, 2022
An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS).... High Unreviewed
CVE-2020-36476 was published May 24, 2022
An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP... High Unreviewed
CVE-2020-14301 was published May 24, 2022
In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to... High Unreviewed
CVE-2021-31780 was published May 24, 2022
In parseNextBox of IsoInterface.java, there is a possible leak of unredacted location information... High Unreviewed
CVE-2021-0340 was published May 24, 2022
Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000... Moderate Unreviewed
CVE-2021-3031 was published May 24, 2022
Some websites have a feature "Show Password" where clicking a button will change a password field... Moderate Unreviewed
CVE-2020-26965 was published May 24, 2022
Improper removal of sensitive information before storage or transfer in some Intel(R) Processors... Moderate Unreviewed
CVE-2020-8696 was published May 24, 2022
Broker Protocol messages in Teradici PCoIP Standard Agent for Windows and Graphics Agent for... Low Unreviewed
CVE-2020-13179 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API