Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,076
Pub
10
RubyGems
832
Rust
781
Swift
34
Unreviewed advisories
All unreviewed
5,000+

8,492 advisories

Loading
Duplicate Advisory: Scrapy leaks the authorization header on same-domain but cross-origin redirects High
GHSA-cg34-w3fm-82h3 was published for scrapy (pip) May 20, 2024 withdrawn
A vulnerability classified as problematic was found in Hipcam Device up to 20240511. This... Moderate Unreviewed
CVE-2024-5096 was published May 19, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in W3 Eden Inc. Download... Moderate Unreviewed
CVE-2024-32131 was published May 17, 2024
Data Leakage Vulnerability in livewire/livewire Moderate
GHSA-qwvp-268g-jjm8 was published for livewire/livewire (Composer) May 15, 2024
Read private customer data reclaiming carts in Klaviyo Magento Moderate
GHSA-hvgw-gg3p-295j was published for klaviyo/magento2-extension (Composer) May 15, 2024
eZ Platform User data disclosure High
GHSA-3g43-xfrw-pv5m was published for ezsystems/repository-forms (Composer) May 15, 2024
eZ Publish Information disclosure in backend content tree menu High
GHSA-cc2j-92jq-wgjg was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
eZ Platform REST API returns list of all SiteAccesses Moderate
GHSA-9wwx-c723-vm8x was published for ezsystems/ezpublish-kernel (Composer) May 15, 2024
endroid/qr-code-bundle File Disclosure via logo_path query parameter Moderate
GHSA-mvf6-3f2g-xfxf was published for endroid/qr-code-bundle (Composer) May 15, 2024
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an... Moderate Unreviewed
CVE-2024-4837 was published May 15, 2024
Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins Moderate
CVE-2022-39201 was published for github.com/grafana/grafana (Go) May 14, 2024
Grafana User enumeration via forget password Moderate
CVE-2022-39307 was published for github.com/grafana/grafana (Go) May 14, 2024
Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins Moderate
CVE-2022-31130 was published for github.com/grafana/grafana (Go) May 14, 2024
joaxcar
Grafana Forward OAuth Identity Token can allow users to access some data sources Low
CVE-2022-21673 was published for github.com/grafana/grafana (Go) May 14, 2024
mxalis
Anonymous PrestaShop customer can download other customers' invoices Moderate
CVE-2024-34717 was published for prestashop/prestashop (Composer) May 14, 2024
matthieu-rolland
Scrapy leaks the authorization header on same-domain but cross-origin redirects Moderate
CVE-2024-1968 was published for Scrapy (pip) May 14, 2024
Szarny
TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController Moderate
CVE-2024-34358 was published for typo3/cms-core (Composer) May 14, 2024
derhansen bnf
bmack
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected... Moderate Unreviewed
CVE-2024-27947 was published May 14, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Academy LMS academy... Moderate Unreviewed
CVE-2024-35171 was published May 14, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team Filebird... Moderate Unreviewed
CVE-2024-35166 was published May 14, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in RadiusTheme... Moderate Unreviewed
CVE-2024-34812 was published May 14, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Automattic WP Job... Moderate Unreviewed
CVE-2024-34549 was published May 14, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gutenify.This issue... Moderate Unreviewed
CVE-2024-35165 was published May 14, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in UkrSolution Barcode... Moderate Unreviewed
CVE-2024-34556 was published May 14, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Easy Digital... Moderate Unreviewed
CVE-2024-32100 was published May 14, 2024
ProTip! Advisories are also available from the GraphQL API