GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
113,773 advisories
Filter by severity
Multiple Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND TELEPHONE EAST...
Moderate
Unreviewed
CVE-2024-47044
was published
Sep 26, 2024
A Cross-Site Request Forgery (CSRF) vulnerability exists in kishan0725's Hospital Management...
Moderate
Unreviewed
CVE-2024-45983
was published
Sep 26, 2024
Assimp v5.4.3 is vulnerable to Buffer Overflow via the MD5Importer::LoadMD5MeshFile function.
Moderate
Unreviewed
CVE-2024-46632
was published
Sep 26, 2024
In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users...
Moderate
Unreviewed
CVE-2024-8118
was published
Sep 26, 2024
The Giveaways and Contests by RafflePress WordPress plugin before 1.12.16 does not sanitise and...
Moderate
Unreviewed
CVE-2024-6887
was published
Sep 12, 2024
The Gixaw Chat WordPress plugin through 1.0 does not have CSRF check in some places, and is...
Moderate
Unreviewed
CVE-2024-7816
was published
Sep 12, 2024
The CM Pop-Up Banners for WordPress plugin before 1.7.3 does not sanitise and escape some of its...
Moderate
Unreviewed
CVE-2024-5799
was published
Sep 12, 2024
SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and...
Moderate
Unreviewed
CVE-2023-37484
was published
Aug 8, 2023
Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker...
Moderate
Unreviewed
CVE-2023-36926
was published
Aug 8, 2023
Apache Submarine Commons Utils has a hard-coded secret
Moderate
CVE-2024-36264
was published
for
apache-submarine
(Maven)
Jun 12, 2024
Layui has DOM Clobbering gadgets that leads to Cross-site Scripting
Moderate
CVE-2024-47075
was published
for
layui
(npm)
Sep 26, 2024
Ory Kratos's setting required_aal `highest_available` does not properly respect code + mfa credentials
Moderate
CVE-2024-45042
was published
for
github.com/ory/kratos
(Go)
Sep 26, 2024
IDOR vulnerability in account profile page
Moderate
CVE-2024-39319
was published
for
aimeos/ai-controller-frontend
(Composer)
Sep 26, 2024
HashiCorp Vault Improper Input Validation vulnerability
Moderate
CVE-2023-4680
was published
for
github.com/hashicorp/vault
(Go)
Sep 15, 2023
Denial of service in rocket chat message parser
Moderate
CVE-2024-46935
was published
for
@rocket.chat/message-parser
(npm)
Sep 25, 2024
An issue in the Http_handle object of VONETS VAP11G-300 v3.3.23.6.9 allows attackers to access...
Moderate
Unreviewed
CVE-2024-46327
was published
Sep 26, 2024
The HCL Traveler for Microsoft Outlook executable (HTMO.exe) is being flagged as potentially...
Moderate
Unreviewed
CVE-2024-30134
was published
Sep 26, 2024
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier allows stored XSS in the...
Moderate
Unreviewed
CVE-2024-47048
was published
Sep 25, 2024
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to DOM-based...
Moderate
Unreviewed
CVE-2024-46934
was published
Sep 25, 2024
An information disclosure issue has been discovered in GitLab EE affecting all versions starting...
Moderate
Unreviewed
CVE-2024-4278
was published
Sep 26, 2024
The goTenna Pro broadcast key name is always sent unencrypted and could reveal the location of...
Moderate
Unreviewed
CVE-2024-47128
was published
Sep 26, 2024
In the goTenna Pro ATAK Plugin application, the encryption keys are
stored along with a static...
Moderate
Unreviewed
CVE-2024-45374
was published
Sep 26, 2024
A flaw was found in oVirt. A user with administrator privileges, including users with the...
Moderate
Unreviewed
CVE-2024-7259
was published
Sep 26, 2024
The goTenna Pro ATAK Plugin use AES CTR mode for short, encrypted
messages without any...
Moderate
Unreviewed
CVE-2024-43108
was published
Sep 26, 2024
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress...
Moderate
Unreviewed
CVE-2024-8771
was published
Sep 26, 2024
ProTip!
Advisories are also available from the
GraphQL API