GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
23 advisories
Filter by severity
Internal exception message exposure for login action in Sylius
Low
CVE-2019-16768
was published
for
sylius/sylius
(Composer)
Dec 5, 2019
Exceptions displayed in non-debug configurations in Symfony
Moderate
CVE-2020-5274
was published
for
symfony/error-handler
(Composer)
Mar 30, 2020
Reset Password / Login vulnerability in Sulu
Moderate
CVE-2020-15132
was published
for
sulu/sulu
(Composer)
Aug 5, 2020
Information leakage in Error Handler
Moderate
GHSA-9vxv-wpv4-f52p
was published
for
shopware/shopware
(Composer)
May 21, 2021
Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2021-32712
was published
for
shopware/shopware
(Composer)
Sep 8, 2021
showdoc is vulnerable to Generation of Error Message Containing Sensitive Information
Moderate
CVE-2022-0079
was published
for
showdoc/showdoc
(Composer)
Jan 6, 2022
User enumeration in livehelperchat
Moderate
CVE-2022-0083
was published
for
remdex/livehelperchat
(Composer)
Jan 21, 2022
Generation of Error Message Containing Sensitive Information in microweber
Moderate
CVE-2022-0504
was published
for
microweber/microweber
(Composer)
Feb 9, 2022
Generation of Error Message Containing Sensitive Information in Snipe-IT
Moderate
CVE-2022-0622
was published
for
snipe/snipe-it
(Composer)
Feb 18, 2022
Generation of Error Message Containing Sensitive Information in microweber
High
CVE-2022-0660
was published
for
microweber/microweber
(Composer)
Feb 19, 2022
Path Disclosure within joomla/filesystem class
Moderate
CVE-2022-23794
was published
for
joomla/filesystem
(Composer)
Mar 31, 2022
Shopware database password is leaked to an unauthenticated users
High
CVE-2020-13997
was published
for
shopware/core
(Composer)
May 24, 2022
Insertion of Sensitive Information into Log File in typo3/cms-core
Moderate
CVE-2022-31047
was published
for
typo3/cms
(Composer)
Jun 17, 2022
Valinor error messages leading to potential data exfiltration before v0.12.0
High
CVE-2022-31140
was published
for
cuyz/valinor
(Composer)
Jul 12, 2022
Kirby CMS vulnerable to user enumeration in the brute force protection
Moderate
CVE-2022-39315
was published
for
getkirby/cms
(Composer)
Oct 18, 2022
FrameworkUserBundle Generates Error Message Containing Sensitive Information
High
CVE-2015-10012
was published
for
sumocoders/framework-user-bundle
(Composer)
Jan 3, 2023
league/oauth2-server key exposed in exception message when passing as a string and providing an invalid pass phrase
High
CVE-2023-37260
was published
for
league/oauth2-server
(Composer)
Jul 6, 2023
CodeIgniter4 vulnerable to information disclosure when detailed error report is displayed in production environment
High
CVE-2023-46240
was published
for
codeigniter4/framework
(Composer)
Oct 30, 2023
pimcore/admin-ui-classic-bundle Full Path Disclosure via re-export document
Moderate
CVE-2023-47636
was published
for
pimcore/admin-ui-classic-bundle
(Composer)
Nov 15, 2023
Passbolt Api Retrieval of HTTP-only cookies
Low
GHSA-f5pp-pmq8-gp46
was published
for
passbolt/passbolt_api
(Composer)
May 20, 2024
silverstripe/framework may disclose database credentials during connection failure
Moderate
GHSA-m2hh-2m46-x6j5
was published
for
silverstripe/framework
(Composer)
May 28, 2024
Drupal Full Path Disclosure
Moderate
CVE-2024-45440
was published
for
drupal/core
(Composer)
Aug 29, 2024
Moodle leaks user names
Moderate
CVE-2024-48896
was published
for
moodle/moodle
(Composer)
Nov 18, 2024
ProTip!
Advisories are also available from the
GraphQL API