Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,411
Erlang
33
GitHub Actions
22
Go
2,146
Maven
5,000+
npm
3,808
NuGet
687
pip
3,481
Pub
12
RubyGems
897
Rust
899
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

635 advisories

Loading
An inclusion of sensitive information in log files vulnerability is present in Hickory Smart for... Moderate Unreviewed
CVE-2019-5634 was published May 24, 2022
OSIsoft PI Web API 2018 and prior may allow disclosure of sensitive information. Moderate Unreviewed
CVE-2019-13515 was published May 24, 2022
A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could... Moderate Unreviewed
CVE-2019-1953 was published May 24, 2022
Swann SWWHD-INTCAM-HD devices leave the PSK in logs after a factory reset. Moderate Unreviewed
CVE-2018-20956 was published May 24, 2022
IBM Cloud Private 2.1.0 , 3.1.0, 3.1.1, and 3.1.2 could allow a local privileged user to obtain... Moderate Unreviewed
CVE-2019-4284 was published May 24, 2022
cPanel before 66.0.2 allows resellers to read other accounts' domain log files (SEC-288). Moderate Unreviewed
CVE-2017-18426 was published May 24, 2022
In cPanel before 66.0.2, domain log files become readable after log processing (SEC-273). Low Unreviewed
CVE-2017-18423 was published May 24, 2022
cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of... Low Unreviewed
CVE-2017-18412 was published May 24, 2022
In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd (SEC... Moderate Unreviewed
CVE-2016-10819 was published May 24, 2022
In Octopus Deploy versions 3.0.19 to 2019.7.2, when a web request proxy is configured, an... Moderate Unreviewed
CVE-2019-14268 was published May 24, 2022
Pivotal Container Services (PKS) versions 1.3.x prior to 1.3.7, and versions 1.4.x prior to 1.4.1... Moderate Unreviewed
CVE-2019-11273 was published May 24, 2022
The user password via the registration form of TronLink Wallet 2.2.0 is stored in the log when... Moderate Unreviewed
CVE-2019-13098 was published May 24, 2022
Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. were... Moderate Unreviewed
CVE-2019-10194 was published May 24, 2022
GitLab CE/EE, versions 8.0 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1,... Moderate Unreviewed
CVE-2018-19583 was published May 24, 2022
IBM Robotic Process Automation with Automation Anywhere 11 could allow a local user to obtain... Moderate Unreviewed
CVE-2019-4299 was published May 24, 2022
IBM Robotic Process Automation with Automation Anywhere 11 information disclosure could allow a... Low Unreviewed
CVE-2019-4296 was published May 24, 2022
Cloud Foundry BOSH 267.x versions prior to v267.14.0, and BOSH 270.x versions prior to v270.1.1,... High Unreviewed
CVE-2019-11271 was published May 24, 2022
Northern.tech CFEngine Enterprise 3.12.1 has Insecure Permissions. High Unreviewed
CVE-2019-9929 was published May 24, 2022
Sony Bravia Smart TV devices allow remote attackers to retrieve the static Wi-Fi password (used... High Unreviewed
CVE-2019-11336 was published May 24, 2022
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy... Moderate Unreviewed
CVE-2019-6158 was published May 24, 2022
ProjectSend before r1070 writes user passwords to the server logs. High Unreviewed
CVE-2019-11492 was published May 24, 2022
aquaverde Aquarius CMS through 4.3.5 allows Information Exposure through Log Files because of an... High Unreviewed
CVE-2019-9724 was published May 24, 2022
aquaverde Aquarius CMS through 4.3.5 writes POST and GET parameters (including passwords) to a... High Unreviewed
CVE-2019-9734 was published May 24, 2022
In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s... High Unreviewed
CVE-2019-6157 was published May 24, 2022
All versions of unity-scope-gdrive logs search terms to syslog. Moderate Unreviewed
CVE-2015-1343 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database