GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
340 advisories

Exposure of Sensitive Information in snipe/snipe-it
Moderate. CVE-2022-0569 was published for snipe/snipe-it (Composer) on Feb 15, 2022.

In isServiceDistractionOptimized of CarPackageManagerService.java, there is a possible disclosure...
Moderate, Unreviewed. CVE-2021-0524 was published on Feb 12, 2022.

The password-reset form in ServiceNow Orlando provides different responses to invalid...
Moderate, Unreviewed. CVE-2021-45901 was published on Feb 11, 2022.

Apache Hive Information Exposure and Observable Timing Discrepancy
Moderate. CVE-2020-1926 was published for org.apache.hive:hive (Maven) on Feb 9, 2022.

IBM Guardium Data Encryption (GDE) 5.0.0.2 behaves differently or sends different responses under...
Moderate, Unreviewed. CVE-2021-39021 was published on Feb 3, 2022.

Observable Response Discrepancy in Flask-AppBuilder
Moderate. CVE-2022-21659 was published for Flask-AppBuilder (pip) on Feb 1, 2022.

In Bromite through 78.0.3904.130, there are adblock rules in the release APK; therefore, probing...
Moderate, Unreviewed. CVE-2019-25056 was published on Jan 27, 2022.

In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset...
Moderate, Unreviewed. CVE-2022-22120 was published on Jan 11, 2022.

ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in...
Moderate, Unreviewed. CVE-2021-20147 was published on Jan 4, 2022.

An issue was discovered in UTI Mutual fund Android application 5.4.18 and prior, allows attackers...
Moderate, Unreviewed. CVE-2020-35398 was published on Dec 24, 2021.

Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumeration. The Systeam...
Moderate, Unreviewed. CVE-2021-44875 was published on Dec 22, 2021.

Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumeration. The Systeam...
Moderate, Unreviewed. CVE-2021-44876 was published on Dec 22, 2021.

Thinfinity VirtualUI before 3.0 allows a malicious actor to enumerate users registered in the OS ...
Moderate, Unreviewed. CVE-2021-44554 was published on Dec 21, 2021.

In getDeviceIdWithFeature of PhoneInterfaceManager.java, there is a possible way to determine...
Moderate, Unreviewed. CVE-2021-1005 was published on Dec 16, 2021.

In setApplicationCategoryHint of PackageManagerService.java, there is a possible way to determine...
Moderate, Unreviewed. CVE-2021-1009 was published on Dec 16, 2021.

In onResume of NotificationAccessDetails.java, there is a possible way to determine whether an...
Moderate, Unreviewed. CVE-2021-1012 was published on Dec 16, 2021.

In getNetworkTypeForSubscriber of PhoneInterfaceManager.java, there is a possible way to...
Moderate, Unreviewed. CVE-2021-1014 was published on Dec 16, 2021.

In checkExistsAndEnforceCannotModifyImmutablyRestrictedPermission of PermissionManagerService...
Moderate, Unreviewed. CVE-2021-1013 was published on Dec 16, 2021.

In startRanging of RttServiceImpl.java, there is a possible way to determine whether an app is...
Moderate, Unreviewed. CVE-2021-1026 was published on Dec 16, 2021.

In setNotificationsShownFromListener of NotificationManagerService.java, there is a possible way...
Moderate, Unreviewed. CVE-2021-1030 was published on Dec 16, 2021.

Observable Discrepancy in Argo
Moderate. CVE-2020-11576 was published for github.com/argoproj/argo-cd (Go) on Dec 9, 2021.

Observable Discrepancy in Apache Kafka
Moderate. CVE-2021-38153 was published for org.apache.kafka:kafka-clients (Maven) on Sep 23, 2021.

Observable Response Discrepancy in Lost Password Service
Moderate. CVE-2021-39189 was published for pimcore/pimcore (Composer) on Sep 20, 2021.

Observable Discrepancy in libsecp256k1-rs
Moderate. CVE-2019-20399 was published for libsecp256k1-rs (Rust) on Aug 25, 2021.

Timing based private key exposure in Bouncy Castle
Moderate. CVE-2020-15522 was published for BouncyCastle (Maven) on Aug 13, 2021.