Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,593 advisories

Loading
The Directory Listing in /uploads/ Folder in CodeAstro Membership Management System 1.0 exposes... High Unreviewed
CVE-2024-46471 was published Sep 27, 2024
Camaleon CMS vulnerable to arbitrary path traversal (GHSL-2024-183) High
CVE-2024-46987 was published for camaleon_cms (RubyGems) Sep 18, 2024
texpert
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Yordam Information... High Unreviewed
CVE-2024-6406 was published Sep 18, 2024
A privacy issue was addressed by removing sensitive data. This issue is fixed in Xcode 16. An... High Unreviewed
CVE-2024-40862 was published Sep 17, 2024
OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized... High Unreviewed
CVE-2024-8777 was published Sep 16, 2024
An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and... High Unreviewed
CVE-2024-46938 was published Sep 16, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Utarit Information... High Unreviewed
CVE-2024-3305 was published Sep 12, 2024
Exposure of sensitive information due to incompatible policies issue exists in Pgpool-II. If a... High Unreviewed
CVE-2024-45624 was published Sep 12, 2024
An External XML Entity (XXE) vulnerability in the provisioning web service of Ivanti EPM before... High Unreviewed
CVE-2024-37397 was published Sep 12, 2024
Loftware Spectrum through 4.6 exposes Sensitive Information (Logs) to an Unauthorized Actor. High Unreviewed
CVE-2023-37232 was published Sep 10, 2024
D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to Information Disclosure. The device allows... High Unreviewed
CVE-2024-44408 was published Sep 6, 2024
Hoverfly allows an arbitrary file read in the `/api/v2/simulation` endpoint (`GHSL-2023-274`) High
CVE-2024-45388 was published for github.com/spectolabs/hoverfly (Go) Sep 3, 2024
pwntester
Tina search token leak via lock file in TinaCMS High
CVE-2024-45391 was published for @tinacms/cli (npm) Sep 3, 2024
kldavis4 mattsbennett
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in gVectors Team wpForo... High Unreviewed
CVE-2024-43289 was published Aug 26, 2024
An issue was discovered in the Docusign API package 8.142.14 for Salesforce. The... High Unreviewed
CVE-2024-39344 was published Aug 21, 2024
Barix – CWE-200 Exposure of Sensitive Information to an Unauthorized Actor High Unreviewed
CVE-2024-41700 was published Aug 20, 2024
An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain... High Unreviewed
CVE-2024-42657 was published Aug 19, 2024
An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain... High Unreviewed
CVE-2024-42658 was published Aug 19, 2024
A Local File Inclusion vulnerability has been found in ComfortKey, a product of Celsius Benelux.... High Unreviewed
CVE-2024-27120 was published Aug 14, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Codection Import and... High Unreviewed
CVE-2024-38787 was published Aug 13, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HitPay Payment... High Unreviewed
CVE-2024-38747 was published Aug 13, 2024
Some OCC API endpoints in SAP Commerce Cloud allows Personally Identifiable Information (PII)... High Unreviewed
CVE-2024-33003 was published Aug 13, 2024
Logical vulnerability in the mobile application (com.transsion.carlcare) may lead to user... High Unreviewed
CVE-2024-7697 was published Aug 12, 2024
Microsoft Office Spoofing Vulnerability High Unreviewed
CVE-2024-38200 was published Aug 12, 2024
CloudStack account-users by default use username and password based authentication for API and UI... High Unreviewed
CVE-2024-42062 was published Aug 7, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database