GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,367 advisories
Filter by severity
A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the...
High
Unreviewed
CVE-2024-6861
was published
Nov 6, 2024
mudler/localai version 2.17.1 is vulnerable to a Timing Attack. This type of side-channel attack...
High
Unreviewed
CVE-2024-7010
was published
Oct 29, 2024
The TeploBot - Telegram Bot for WP plugin for WordPress is vulnerable to sensitive information...
High
Unreviewed
CVE-2024-9627
was published
Oct 22, 2024
The Bot for Telegram on WooCommerce plugin for WordPress is vulnerable to sensitive information...
High
Unreviewed
CVE-2024-9821
was published
Oct 12, 2024
Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a...
High
Unreviewed
CVE-2024-43610
was published
Oct 9, 2024
Diebold Nixdorf – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
High
Unreviewed
CVE-2024-45245
was published
Oct 6, 2024
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),...
High
Unreviewed
CVE-2024-9054
was published
Oct 4, 2024
The Directory Listing in /uploads/ Folder in CodeAstro Membership Management System 1.0 exposes...
High
Unreviewed
CVE-2024-46471
was published
Sep 27, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Yordam Information...
High
Unreviewed
CVE-2024-6406
was published
Sep 18, 2024
A privacy issue was addressed by removing sensitive data. This issue is fixed in Xcode 16. An...
High
Unreviewed
CVE-2024-40862
was published
Sep 17, 2024
An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and...
High
Unreviewed
CVE-2024-46938
was published
Sep 16, 2024
OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized...
High
Unreviewed
CVE-2024-8777
was published
Sep 16, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Utarit Information...
High
Unreviewed
CVE-2024-3305
was published
Sep 12, 2024
Exposure of sensitive information due to incompatible policies issue exists in Pgpool-II. If a...
High
Unreviewed
CVE-2024-45624
was published
Sep 12, 2024
An External XML Entity (XXE) vulnerability in the provisioning web service of Ivanti EPM before...
High
Unreviewed
CVE-2024-37397
was published
Sep 12, 2024
Loftware Spectrum through 4.6 exposes Sensitive Information (Logs) to an Unauthorized Actor.
High
Unreviewed
CVE-2023-37232
was published
Sep 10, 2024
D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to Information Disclosure. The device allows...
High
Unreviewed
CVE-2024-44408
was published
Sep 6, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in gVectors Team wpForo...
High
Unreviewed
CVE-2024-43289
was published
Aug 26, 2024
An issue was discovered in the Docusign API package 8.142.14 for Salesforce. The...
High
Unreviewed
CVE-2024-39344
was published
Aug 21, 2024
Barix – CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
High
Unreviewed
CVE-2024-41700
was published
Aug 20, 2024
An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain...
High
Unreviewed
CVE-2024-42657
was published
Aug 19, 2024
An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain...
High
Unreviewed
CVE-2024-42658
was published
Aug 19, 2024
A Local File Inclusion vulnerability has been found in ComfortKey, a product of Celsius Benelux....
High
Unreviewed
CVE-2024-27120
was published
Aug 14, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HitPay Payment...
High
Unreviewed
CVE-2024-38747
was published
Aug 13, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Codection Import and...
High
Unreviewed
CVE-2024-38787
was published
Aug 13, 2024
ProTip!
Advisories are also available from the
GraphQL API