GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,096
Erlang: 29
GitHub Actions: 19
Go: 1,925
Maven: 5,000+
npm: 3,654
NuGet: 638
pip: 3,263
Pub: 10
RubyGems: 873
Rust: 823
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
8,836 advisories

An Issue in Buffalo America, Inc. TeraStation NAS TS5410R v.5.00 thru v.0.07 allows a remote...
High | Unreviewed | CVE-2023-39620 was published Sep 8, 2023

SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and...
Moderate | Unreviewed | CVE-2023-37484 was published Aug 8, 2023

Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker...
Moderate | Unreviewed | CVE-2023-36926 was published Aug 8, 2023

In some configuration scenarios, the Domino server host name can be exposed. This information...
Moderate | Unreviewed | CVE-2023-28010 was published Sep 8, 2023

The Big File Uploads – Increase Maximum File Upload Size plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2024-8538 was published Sep 7, 2024

Temporary File Information Disclosure vulnerability in MPXJ
Low | CVE-2022-41954 was published for mpxj (Maven) Nov 28, 2022

This allows attackers to use a maliciously formed API request to gain access to an API...
High | Unreviewed | CVE-2024-1222 was published Mar 14, 2024

This vulnerability potentially allows unauthorized enumeration of information from the embedded...
Moderate | Unreviewed | CVE-2024-1223 was published Mar 14, 2024

gnark commitments to private witnesses in Groth16 as implemented break zero-knowledge property
Moderate | CVE-2024-45040 was published for github.com/consensys/gnark (Go) Sep 6, 2024

SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker to execute arbitrary code...
Critical | Unreviewed | CVE-2024-30922 was published Apr 18, 2024

An issue in TDSQL Chitu management platform v.10.3.19.5.0 allows a remote attacker to obtain...
High | Unreviewed | CVE-2023-42387 was published Sep 18, 2023

Strapi's field level permissions not being respected in relationship title
Moderate | CVE-2023-37263 was published for @strapi/plugin-content-manager (npm) Sep 13, 2023

An information leak in kokoroe_members card Line 13.6.1 allows attackers to obtain the channel...
Moderate | Unreviewed | CVE-2023-39045 was published Sep 20, 2023

MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were...
High | Unreviewed | CVE-2023-39677 was published Sep 20, 2023

Croc secrets may be disclosed to untrusted relay
Moderate | CVE-2023-43617 was published for github.com/schollz/croc/v9 (Go) Sep 20, 2023

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in TaxoPress WordPress...
Moderate | Unreviewed | CVE-2024-43237 was published Sep 25, 2024

The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Information Exposure in...
Moderate | Unreviewed | CVE-2024-8516 was published Sep 25, 2024

An issue was discovered in Ivanti Endpoint Manager before 2022 SU4. A file disclosure...
Moderate | Unreviewed | CVE-2023-38344 was published Sep 21, 2023

Data security classification vulnerability in the DDMP module. Successful exploitation of this...
High | Unreviewed | CVE-2023-41293 was published Sep 25, 2023

The MAS Static Content plugin for WordPress is vulnerable to Information Exposure in all versions...
Moderate | Unreviewed | CVE-2024-8483 was published Sep 25, 2024

The Happy Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information...
Moderate | Unreviewed | CVE-2024-8801 was published Sep 25, 2024

An information leak in Earthgarden_waiting 13.6.1 allows attackers to obtain the channel access...
Moderate | Unreviewed | CVE-2023-39052 was published Sep 20, 2023

openstack-mistral Discloses the presence of arbitrary files within the filesystem
High | CVE-2018-16849 was published for mistral (pip) May 13, 2022

RhodeCode and Kallithea are vulnerable to sensitive information disclosure
High | CVE-2015-0260 was published for Kallithea (pip) May 13, 2022

jwcrypto lacks the Random Filling protection mechanism
Moderate | CVE-2016-6298 was published for jwcrypto (pip) May 17, 2022

ProTip! Advisories are also available from the GraphQL API.