Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

985 advisories

Loading
Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials Low
CVE-2024-47197 was published for org.apache.maven.plugins:maven-archetype-plugin (Maven) Sep 26, 2024
The W3 Total Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in... Low Unreviewed
CVE-2023-5359 was published Sep 25, 2024
A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for... Low Unreviewed
CVE-2024-8612 was published Sep 20, 2024
Hwameistor Potential Permission Leakage of Cluster Level Low
CVE-2024-45054 was published for github.com/hwameistor/hwameistor (Go) Aug 29, 2024
younaman
An information disclosure vulnerability in GitLab CE/EE in project/group exports affecting all... Low Unreviewed
CVE-2024-7060 was published Jul 25, 2024
Sentry's Python SDK unintentionally exposes environment variables to subprocesses Low
CVE-2024-40647 was published for sentry-sdk (pip) Jul 18, 2024
kmichel-aiven
@jmondi/url-to-png enables capture screenshot of localhost web services (unauthenticated pages) Low
CVE-2024-39919 was published for @jmondi/url-to-png (npm) Jul 15, 2024
realArcherL
A vulnerability has been identified in RUGGEDCOM RST2228 (All versions < V5.9.0), RUGGEDCOM... Low Unreviewed
CVE-2023-52238 was published Jul 9, 2024
Private tokens could appear in logs if context containing gRPC metadata is logged in github.com/grpc/grpc-go Low
GHSA-xr7q-jx4m-x55m was published for google.golang.org/grpc (Go) Jul 5, 2024
Under certain circumstances, when the controller is in factory reset mode waiting for initial... Low Unreviewed
CVE-2024-32754 was published Jul 4, 2024
Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to properly sanitize the recipients of a... Low Unreviewed
CVE-2024-39807 was published Jul 3, 2024
Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to sanitize the RemoteClusterFrame payloads... Low Unreviewed
CVE-2024-39353 was published Jul 3, 2024
Exposure of secrets through system log in Jenkins Structs Plugin Low
CVE-2024-39458 was published for org.jenkins-ci.plugins:structs (Maven) Jun 26, 2024
udn News Android APP stores the user session in logcat file when user log into the APP. A... Low Unreviewed
CVE-2024-6294 was published Jun 25, 2024
On Unix, SAP BusinessObjects Business Intelligence Platform (Scheduling) allows an authenticated... Low Unreviewed
CVE-2024-34684 was published Jun 11, 2024
Password hash exposed in CraftCMS two factor authentication plugin Low
CVE-2024-5657 was published for born05/craft-twofactorauthentication (Composer) Jun 6, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in All In One WP... Low Unreviewed
CVE-2023-52147 was published Jun 4, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Webcraftic Hide login... Low Unreviewed
CVE-2023-48335 was published Jun 4, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in David Vongries... Low Unreviewed
CVE-2023-49822 was published Jun 4, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPServeur,... Low Unreviewed
CVE-2023-49748 was published Jun 4, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in LWS LWS Hide Login... Low Unreviewed
CVE-2023-47818 was published Jun 4, 2024
Grafana Forward OAuth Identity Token can allow users to access some data sources Low
CVE-2022-21673 was published for github.com/grafana/grafana (Go) May 14, 2024
mxalis
Kimai information disclosure vulnerability Low
CVE-2024-4596 was published for kimai/kimai (Composer) May 7, 2024
An issue was discovered in a third-party component related to vendor.gsm.serial, shipped on... Low Unreviewed
CVE-2023-38301 was published Apr 22, 2024
HCL Connections contains a user enumeration vulnerability. Certain actions could allow an... Low Unreviewed
CVE-2024-23557 was published Apr 18, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database