GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,023
Erlang
29
GitHub Actions
16
Go
1,830
Maven
5,000+
npm
3,573
NuGet
632
pip
3,156
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+
8,635 advisories
Filter by severity
A security vulnerability in HCL Domino could allow disclosure of sensitive configuration...
Moderate
Unreviewed
CVE-2024-23562
was published
Jul 8, 2024
An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. It can expose...
High
Unreviewed
CVE-2024-40597
was published
Jul 7, 2024
Private tokens could appear in logs if context containing gRPC metadata is logged in github.com/grpc/grpc-go
Low
GHSA-xr7q-jx4m-x55m
was published
for
google.golang.org/grpc
(Go)
Jul 5, 2024
ZITADEL Vulnerable to Session Information Leakage
Moderate
CVE-2024-39683
was published
for
github.com/zitadel/zitadel
(Go)
Jul 5, 2024
Best House Rental Management System v1.0 was discovered to contain an arbitrary file read...
High
Unreviewed
CVE-2024-39210
was published
Jul 5, 2024
OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access
Moderate
CVE-2024-32498
was published
for
cinder
(pip)
Jul 5, 2024
Information exposure vulnerability in the MRW plugin, in its 5.4.3 version, affecting the ...
High
Unreviewed
CVE-2024-6506
was published
Jul 4, 2024
Under certain circumstances, when the controller is in factory reset mode waiting for initial...
Low
Unreviewed
CVE-2024-32754
was published
Jul 4, 2024
Information exposure vulnerability in MESbook 20221021.03 version, the exploitation of which...
High
Unreviewed
CVE-2024-6426
was published
Jul 3, 2024
Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to properly sanitize the recipients of a...
Low
Unreviewed
CVE-2024-39807
was published
Jul 3, 2024
Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to sanitize the RemoteClusterFrame payloads...
Low
Unreviewed
CVE-2024-39353
was published
Jul 3, 2024
GeoServer's Server Status shows sensitive environmental variables and Java properties
Moderate
CVE-2024-34696
was published
for
org.geoserver.web:gs-web-app
(Maven)
Jul 1, 2024
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions...
Moderate
Unreviewed
CVE-2024-36986
was published
Jul 1, 2024
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an
empty supported...
Critical
Unreviewed
CVE-2024-5535
was published
Jun 27, 2024
An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 16.11.5,...
Moderate
Unreviewed
CVE-2024-3115
was published
Jun 27, 2024
Exposure of secrets through system log in Jenkins Structs Plugin
Low
CVE-2024-39458
was published
for
org.jenkins-ci.plugins:structs
(Maven)
Jun 26, 2024
In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController...
High
Unreviewed
CVE-2024-5010
was published
Jun 25, 2024
udn News Android APP stores the user session in logcat file when user log into the APP. A...
Low
Unreviewed
CVE-2024-6294
was published
Jun 25, 2024
In the module "Axepta" (axepta) before 1.3.4 from Quadra Informatique for PrestaShop, a guest can...
High
Unreviewed
CVE-2024-34991
was published
Jun 25, 2024
Multiple directory traversal vulnerabilities in the TFTP Server in Distinct Intranet Servers 3.10...
Critical
Unreviewed
CVE-2012-6664
was published
Jun 22, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exeebit phpinfo() WP...
Moderate
Unreviewed
CVE-2024-35776
was published
Jun 21, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in A WP Life Event...
Moderate
Unreviewed
CVE-2024-5059
was published
Jun 21, 2024
CORSAIR iCUE 5.9.105 with iCUE Murals on Windows allows unprivileged users to insert DLL files in...
High
Unreviewed
CVE-2024-22002
was published
Jun 18, 2024
Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec
Moderate
CVE-2024-22032
was published
for
github.com/rancher/rancher
(Go)
Jun 17, 2024
ProTip!
Advisories are also available from the
GraphQL API