GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,749
Maven: 4,978
npm: 3,509
NuGet: 609
pip: 3,076
Pub: 10
RubyGems: 832
Rust: 781
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
8,492 advisories
Duplicate Advisory: Scrapy leaks the authorization header on same-domain but cross-origin redirects
High • GHSA-cg34-w3fm-82h3 was published for scrapy (pip) • May 20, 2024 • withdrawn

A vulnerability classified as problematic was found in Hipcam Device up to 20240511. This...
Moderate • Unreviewed • CVE-2024-5096 was published • May 19, 2024

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in W3 Eden Inc. Download...
Moderate • Unreviewed • CVE-2024-32131 was published • May 17, 2024

Data Leakage Vulnerability in livewire/livewire
Moderate • GHSA-qwvp-268g-jjm8 was published for livewire/livewire (Composer) • May 15, 2024

Read private customer data reclaiming carts in Klaviyo Magento
Moderate • GHSA-hvgw-gg3p-295j was published for klaviyo/magento2-extension (Composer) • May 15, 2024

eZ Platform User data disclosure
High • GHSA-3g43-xfrw-pv5m was published for ezsystems/repository-forms (Composer) • May 15, 2024

eZ Publish Information disclosure in backend content tree menu
High • GHSA-cc2j-92jq-wgjg was published for ezsystems/ezpublish-legacy (Composer) • May 15, 2024

eZ Platform REST API returns list of all SiteAccesses
Moderate • GHSA-9wwx-c723-vm8x was published for ezsystems/ezpublish-kernel (Composer) • May 15, 2024

endroid/qr-code-bundle File Disclosure via logo_path query parameter
Moderate • GHSA-mvf6-3f2g-xfxf was published for endroid/qr-code-bundle (Composer) • May 15, 2024

In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an...
Moderate • Unreviewed • CVE-2024-4837 was published • May 15, 2024

Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins
Moderate • CVE-2022-39201 was published for github.com/grafana/grafana (Go) • May 14, 2024

Grafana User enumeration via forget password
Moderate • CVE-2022-39307 was published for github.com/grafana/grafana (Go) • May 14, 2024

Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
Moderate • CVE-2022-31130 was published for github.com/grafana/grafana (Go) • May 14, 2024

Grafana Forward OAuth Identity Token can allow users to access some data sources
Low • CVE-2022-21673 was published for github.com/grafana/grafana (Go) • May 14, 2024

Anonymous PrestaShop customer can download other customers' invoices
Moderate • CVE-2024-34717 was published for prestashop/prestashop (Composer) • May 14, 2024

Scrapy leaks the authorization header on same-domain but cross-origin redirects
Moderate • CVE-2024-1968 was published for Scrapy (pip) • May 14, 2024

TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController
Moderate • CVE-2024-34358 was published for typo3/cms-core (Composer) • May 14, 2024

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected...
Moderate • Unreviewed • CVE-2024-27947 was published • May 14, 2024

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Academy LMS academy...
Moderate • Unreviewed • CVE-2024-35171 was published • May 14, 2024

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team Filebird...
Moderate • Unreviewed • CVE-2024-35166 was published • May 14, 2024

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in RadiusTheme...
Moderate • Unreviewed • CVE-2024-34812 was published • May 14, 2024

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Automattic WP Job...
Moderate • Unreviewed • CVE-2024-34549 was published • May 14, 2024

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gutenify. This issue...
Moderate • Unreviewed • CVE-2024-35165 was published • May 14, 2024

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in UkrSolution Barcode...
Moderate • Unreviewed • CVE-2024-34556 was published • May 14, 2024

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Easy Digital...
Moderate • Unreviewed • CVE-2024-32100 was published • May 14, 2024
ProTip! Advisories are also available from the GraphQL API.