GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,055
Erlang: 29
GitHub Actions: 19
Go: 1,889
Maven: 5,000+
npm: 3,605
NuGet: 638
pip: 3,208
Pub: 10
RubyGems: 852
Rust: 816
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
8,770 advisories
Exposure of Sensitive Information to an Unauthorized Actor in ansible
Moderate. CVE-2019-10217 was published for ansible (pip) on Oct 12, 2021

Plaintext password leak in Apache Superset
High. CVE-2020-13952 was published for apache-superset (pip) on Apr 30, 2021

A vulnerability in Cisco Duo Epic for Hyperdrive could allow an authenticated, local attacker to...
Moderate, Unreviewed. CVE-2024-20503 was published on Sep 4, 2024

Keep-alive vulnerability in the sticky broadcast mechanism. Successful exploitation of this...
High, Unreviewed. CVE-2023-46757 was published on Nov 8, 2023

The Web Frontend of KNIME Business Hub before 1.4.0 allows an unauthenticated remote attacker to...
Moderate, Unreviewed. CVE-2023-2541 was published on Jun 7, 2023

The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Sensitive...
Moderate, Unreviewed. CVE-2024-8106 was published on Sep 4, 2024

Access control vulnerability in the camera framework module Impact: Successful exploitation of...
Moderate, Unreviewed. CVE-2024-45447 was published on Sep 4, 2024

Permission control vulnerability in the software update module. Impact: Successful exploitation...
Moderate, Unreviewed. CVE-2024-45450 was published on Sep 4, 2024

Tina search token leak via lock file in TinaCMS
High. CVE-2024-45391 was published for @tinacms/cli (npm) on Sep 3, 2024

The Bare Metal Operator (BMO) can expose particularly named secrets from other namespaces via BMH CRD
Moderate. CVE-2024-43803 was published for github.com/metal3-io/baremetal-operator (Go) on Sep 3, 2024

Apache Airflow vulnerable to sensitive information exposure when users list warnings for all DAGs
Moderate. CVE-2023-42780 was published for apache-airflow (pip) on Oct 14, 2023

Out-of-bounds access vulnerability in the device authentication module. Successful exploitation...
High, Unreviewed. CVE-2023-44112 was published on Jan 16, 2024

An issue in Books-futaba mini-app on Line v13.6.1 allows attackers to send crafted malicious...
Moderate, Unreviewed. CVE-2023-43998 was published on Jan 24, 2024

Hoverfly allows an arbitrary file read in the `/api/v2/simulation` endpoint (`GHSL-2023-274`)
High. CVE-2024-45388 was published for github.com/spectolabs/hoverfly (Go) on Sep 3, 2024

A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as...
Moderate, Unreviewed. CVE-2023-5992 was published on Jan 31, 2024

The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are...
Critical, Unreviewed. CVE-2024-6633 was published on Aug 27, 2024

An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 16.11.5,...
Moderate, Unreviewed. CVE-2024-3115 was published on Jun 27, 2024

An issue was discovered in OpenClinic GA 5.247.01. An Unauthenticated File Download vulnerability...
Critical, Unreviewed. CVE-2023-40276 was published on Mar 19, 2024

An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the...
Moderate, Unreviewed. CVE-2023-47392 was published on Nov 22, 2023

A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 older allows a threat actor with...
Critical, Unreviewed. CVE-2023-39337 was published on Nov 15, 2023

In Apache CloudStack 4.19.1.0, a regression in the network listing API allows unauthorised list...
Moderate, Unreviewed. CVE-2024-42222 was published on Aug 7, 2024

Hwameistor Potential Permission Leakage of Cluster Level
Low. CVE-2024-45054 was published for github.com/hwameistor/hwameistor (Go) on Aug 29, 2024

OpenTelemetry Collector module AWS Firehose Receiver Authentication Bypass Vulnerability
Moderate. CVE-2024-45043 was published for github.com/open-telemetry/opentelemetry-collector-contrib/receiver/awsfirehosereceiver (Go) on Aug 29, 2024

The Premium SEO Pack – WP SEO Plugin plugin for WordPress is vulnerable to Sensitive Information...
Moderate, Unreviewed. CVE-2024-3679 was published on Aug 29, 2024

The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all...
Moderate, Unreviewed. CVE-2024-2541 was published on Aug 29, 2024
ProTip! Advisories are also available from the GraphQL API.