Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,023
Erlang
29
GitHub Actions
16
Go
1,830
Maven
5,000+
npm
3,573
NuGet
632
pip
3,156
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+

8,635 advisories

Loading
CloudStack account-users by default use username and password based authentication for API and UI... High Unreviewed
CVE-2024-42062 was published Aug 7, 2024
HCL Connections contains a user enumeration vulnerability. Certain actions could allow an... Low Unreviewed
CVE-2024-23557 was published Apr 18, 2024
Path traversal and dereference of symlinks in Argo CD High
CVE-2022-24348 was published for github.com/argoproj/argo-cd (Go) Feb 7, 2022
Navidrome uses MD5 hashing algorithm Moderate
CVE-2024-41259 was published for github.com/navidrome/navidrome (Go) Aug 1, 2024
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to... Critical Unreviewed
CVE-2024-42394 was published Aug 6, 2024
An improper authentication vulnerability in web component of EPMM prior to 12.1.0.1 allows a... Moderate Unreviewed
CVE-2024-34788 was published Aug 7, 2024
In Apache CloudStack 4.19.1.0, a regression in the network listing API allows unauthorised list... Unknown Unreviewed
CVE-2024-42222 was published Aug 7, 2024
A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as problematic.... Moderate Unreviewed
CVE-2024-7156 was published Jul 28, 2024
A validated user not explicitly authorized to have access to certain sensitive information could... High Unreviewed
CVE-2023-40159 was published Jul 18, 2024
Directus Allows Single Sign-On User Enumeration High
CVE-2024-39896 was published for directus (npm) Jul 8, 2024
Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins Moderate
CVE-2022-31130 was published for github.com/grafana/grafana (Go) May 14, 2024
joaxcar
Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec Moderate
CVE-2024-22032 was published for github.com/rancher/rancher (Go) Jun 17, 2024
Mattermost race condition Low
CVE-2024-1949 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 29, 2024
Mattermost incorrectly allows access individual posts Low
CVE-2024-1952 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 29, 2024
Vanna vulnerable to SQL Injection High
CVE-2024-5753 was published for vanna (pip) Jul 5, 2024
Mattermost notified all users in the channel when using WebSockets to respond individually Moderate
CVE-2023-48732 was published for github.com/mattermost/mattermost-server/v6 (Go) Jan 2, 2024
Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins Moderate
CVE-2022-39201 was published for github.com/grafana/grafana (Go) May 14, 2024
OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access Moderate
CVE-2024-32498 was published for cinder (pip) Jul 5, 2024
Zitadel exposing internal database user name and host information Moderate
CVE-2024-32967 was published for github.com/zitadel/zitadel (Go) May 1, 2024
stiwari99 fforootd
livio-a
Grafana User enumeration via forget password Moderate
CVE-2022-39307 was published for github.com/grafana/grafana (Go) May 14, 2024
Mattermost leaks details of AD/LDAP groups of a teams Moderate
CVE-2024-23493 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 29, 2024
CubeFS leaks magic secret key when starting Blobstore access service Moderate
CVE-2023-46741 was published for github.com/cubefs/cubefs (Go) Jan 3, 2024
AdamKorcz
Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2023-44312 was published for github.com/apache/servicecomb-service-center (Go) Jan 31, 2024
Grafana world readable configuration files Moderate
CVE-2020-12459 was published for github.com/grafana/grafana (Go) May 24, 2022
An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote... High Unreviewed
CVE-2024-33309 was published Apr 30, 2024
ProTip! Advisories are also available from the GraphQL API