Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

113,773 advisories

Loading
Multiple Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND TELEPHONE EAST... Moderate Unreviewed
CVE-2024-47044 was published Sep 26, 2024
A Cross-Site Request Forgery (CSRF) vulnerability exists in kishan0725's Hospital Management... Moderate Unreviewed
CVE-2024-45983 was published Sep 26, 2024
Assimp v5.4.3 is vulnerable to Buffer Overflow via the MD5Importer::LoadMD5MeshFile function. Moderate Unreviewed
CVE-2024-46632 was published Sep 26, 2024
In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users... Moderate Unreviewed
CVE-2024-8118 was published Sep 26, 2024
The Giveaways and Contests by RafflePress WordPress plugin before 1.12.16 does not sanitise and... Moderate Unreviewed
CVE-2024-6887 was published Sep 12, 2024
The Gixaw Chat WordPress plugin through 1.0 does not have CSRF check in some places, and is... Moderate Unreviewed
CVE-2024-7816 was published Sep 12, 2024
The CM Pop-Up Banners for WordPress plugin before 1.7.3 does not sanitise and escape some of its... Moderate Unreviewed
CVE-2024-5799 was published Sep 12, 2024
SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and... Moderate Unreviewed
CVE-2023-37484 was published Aug 8, 2023
Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker... Moderate Unreviewed
CVE-2023-36926 was published Aug 8, 2023
Apache Submarine Commons Utils has a hard-coded secret Moderate
CVE-2024-36264 was published for apache-submarine (Maven) Jun 12, 2024
Layui has DOM Clobbering gadgets that leads to Cross-site Scripting Moderate
CVE-2024-47075 was published for layui (npm) Sep 26, 2024
jackfromeast ishmeals
Ory Kratos's setting required_aal `highest_available` does not properly respect code + mfa credentials Moderate
CVE-2024-45042 was published for github.com/ory/kratos (Go) Sep 26, 2024
IDOR vulnerability in account profile page Moderate
CVE-2024-39319 was published for aimeos/ai-controller-frontend (Composer) Sep 26, 2024
ssshah2131
HashiCorp Vault Improper Input Validation vulnerability Moderate
CVE-2023-4680 was published for github.com/hashicorp/vault (Go) Sep 15, 2023
Denial of service in rocket chat message parser Moderate
CVE-2024-46935 was published for @rocket.chat/message-parser (npm) Sep 25, 2024
An issue in the Http_handle object of VONETS VAP11G-300 v3.3.23.6.9 allows attackers to access... Moderate Unreviewed
CVE-2024-46327 was published Sep 26, 2024
The HCL Traveler for Microsoft Outlook executable (HTMO.exe) is being flagged as potentially... Moderate Unreviewed
CVE-2024-30134 was published Sep 26, 2024
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier allows stored XSS in the... Moderate Unreviewed
CVE-2024-47048 was published Sep 25, 2024
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to DOM-based... Moderate Unreviewed
CVE-2024-46934 was published Sep 25, 2024
An information disclosure issue has been discovered in GitLab EE affecting all versions starting... Moderate Unreviewed
CVE-2024-4278 was published Sep 26, 2024
The goTenna Pro broadcast key name is always sent unencrypted and could reveal the location of... Moderate Unreviewed
CVE-2024-47128 was published Sep 26, 2024
In the goTenna Pro ATAK Plugin application, the encryption keys are stored along with a static... Moderate Unreviewed
CVE-2024-45374 was published Sep 26, 2024
A flaw was found in oVirt. A user with administrator privileges, including users with the... Moderate Unreviewed
CVE-2024-7259 was published Sep 26, 2024
The goTenna Pro ATAK Plugin use AES CTR mode for short, encrypted messages without any... Moderate Unreviewed
CVE-2024-43108 was published Sep 26, 2024
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress... Moderate Unreviewed
CVE-2024-8771 was published Sep 26, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database