GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
6,053 advisories
Filter by severity
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in TaxoPress WordPress...
Moderate
Unreviewed
CVE-2024-43237
was published
Sep 25, 2024
The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Information Exposure in...
Moderate
Unreviewed
CVE-2024-8516
was published
Sep 25, 2024
The Happy Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information...
Moderate
Unreviewed
CVE-2024-8801
was published
Sep 25, 2024
The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for...
Moderate
Unreviewed
CVE-2024-7426
was published
Sep 25, 2024
The MAS Static Content plugin for WordPress is vulnerable to Information Exposure in all versions...
Moderate
Unreviewed
CVE-2024-8483
was published
Sep 25, 2024
ZITADEL Allows Unauthorized Access After Organization or Project Deactivation
Moderate
CVE-2024-47060
was published
for
github.com/zitadel/zitadel/v2
(Go)
Sep 19, 2024
Mautic allows users enumeration due to weak password login
Moderate
CVE-2024-47059
was published
for
mautic/core
(Composer)
Sep 18, 2024
org.xwiki.platform:xwiki-platform-notifications-ui leaks data of notification filters of users
Moderate
CVE-2024-46979
was published
for
org.xwiki.platform:xwiki-platform-notifications-ui
(Maven)
Sep 18, 2024
OMFLOW from The SYSCOM Group has a vulnerability involving the exposure of sensitive data. This...
Moderate
Unreviewed
CVE-2024-8969
was published
Sep 18, 2024
Vite's `server.fs.deny` is bypassed when using `?import&raw`
Moderate
CVE-2024-45811
was published
for
vite
(npm)
Sep 17, 2024
OMFLOW from The SYSCOM Group does not properly restrict the query range of its data query...
Moderate
Unreviewed
CVE-2024-8780
was published
Sep 16, 2024
Titan SFTP and Titan MFT Server 2.0.25.2426 and earlier have a vulnerability a vulnerability...
Moderate
Unreviewed
CVE-2024-44685
was published
Sep 13, 2024
The Custom Post Limits plugin for WordPress is vulnerable to full path disclosure in all versions...
Moderate
Unreviewed
CVE-2024-6544
was published
Sep 13, 2024
An issue in Texas Instruments Fusion Digital Power Designer v.7.10.1 allows a local attacker to...
Moderate
Unreviewed
CVE-2024-41629
was published
Sep 12, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Payara Platform...
Moderate
Unreviewed
CVE-2024-8097
was published
Sep 11, 2024
An exposure of sensitive information to an unauthorized actor in Fortinet FortiSandbox version 4...
Moderate
Unreviewed
CVE-2024-31490
was published
Sep 10, 2024
A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All...
Moderate
Unreviewed
CVE-2024-37991
was published
Sep 10, 2024
The Big File Uploads – Increase Maximum File Upload Size plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2024-8538
was published
Sep 7, 2024
Exposure of debug and metrics endpoints in Pomerium
Moderate
CVE-2022-24797
was published
for
github.com/pomerium/pomerium
(Go)
Sep 6, 2024
gnark's Groth16 commitment extension unsound for more than one commitment
Moderate
CVE-2024-45039
was published
for
github.com/consensys/gnark
(Go)
Sep 6, 2024
gnark commitments to private witnesses in Groth16 as implemented break zero-knowledge property
Moderate
CVE-2024-45040
was published
for
github.com/consensys/gnark
(Go)
Sep 6, 2024
The Remember Me Controls plugin for WordPress is vulnerable to Full Path Disclosure in all...
Moderate
Unreviewed
CVE-2024-7415
was published
Sep 6, 2024
A vulnerability, which was classified as problematic, was found in D-Link DNS-320 2.02b01. This...
Moderate
Unreviewed
CVE-2024-8461
was published
Sep 5, 2024
A vulnerability, which was classified as problematic, has been found in D-Link DNS-320 2.02b01....
Moderate
Unreviewed
CVE-2024-8460
was published
Sep 5, 2024
The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Information...
Moderate
Unreviewed
CVE-2024-6835
was published
Sep 5, 2024
ProTip!
Advisories are also available from the
GraphQL API