Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

8,836 advisories

Loading
An Issue in Buffalo America, Inc. TeraStation NAS TS5410R v.5.00 thru v.0.07 allows a remote... High Unreviewed
CVE-2023-39620 was published Sep 8, 2023
SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and... Moderate Unreviewed
CVE-2023-37484 was published Aug 8, 2023
Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker... Moderate Unreviewed
CVE-2023-36926 was published Aug 8, 2023
In some configuration scenarios, the Domino server host name can be exposed. This information... Moderate Unreviewed
CVE-2023-28010 was published Sep 8, 2023
The Big File Uploads – Increase Maximum File Upload Size plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2024-8538 was published Sep 7, 2024
Temporary File Information Disclosure vulnerability in MPXJ Low
CVE-2022-41954 was published for mpxj (Maven) Nov 28, 2022
JLLeitschuh jkmartindale
This allows attackers to use a maliciously formed API request to gain access to an API... High Unreviewed
CVE-2024-1222 was published Mar 14, 2024
This vulnerability potentially allows unauthorized enumeration of information from the embedded... Moderate Unreviewed
CVE-2024-1223 was published Mar 14, 2024
gnark commitments to private witnesses in Groth16 as implemented break zero-knowledge property Moderate
CVE-2024-45040 was published for github.com/consensys/gnark (Go) Sep 6, 2024
maltezellic
SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker to execute arbitrary code... Critical Unreviewed
CVE-2024-30922 was published Apr 18, 2024
An issue in TDSQL Chitu management platform v.10.3.19.5.0 allows a remote attacker to obtain... High Unreviewed
CVE-2023-42387 was published Sep 18, 2023
Strapi's field level permissions not being respected in relationship title Moderate
CVE-2023-37263 was published for @strapi/plugin-content-manager (npm) Sep 13, 2023
Boegie19 derrickmehaffy
alexandrebodin
An information leak in kokoroe_members card Line 13.6.1 allows attackers to obtain the channel... Moderate Unreviewed
CVE-2023-39045 was published Sep 20, 2023
MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were... High Unreviewed
CVE-2023-39677 was published Sep 20, 2023
Cros secrets may be disclosed to untrusted relay Moderate
CVE-2023-43617 was published for github.com/schollz/croc/v9 (Go) Sep 20, 2023
schollz
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in TaxoPress WordPress... Moderate Unreviewed
CVE-2024-43237 was published Sep 25, 2024
The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Information Exposure in... Moderate Unreviewed
CVE-2024-8516 was published Sep 25, 2024
An issue was discovered in Ivanti Endpoint Manager before 2022 SU4. A file disclosure... Moderate Unreviewed
CVE-2023-38344 was published Sep 21, 2023
Data security classification vulnerability in the DDMP module. Successful exploitation of this... High Unreviewed
CVE-2023-41293 was published Sep 25, 2023
The MAS Static Content plugin for WordPress is vulnerable to Information Exposure in all versions... Moderate Unreviewed
CVE-2024-8483 was published Sep 25, 2024
The Happy Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information... Moderate Unreviewed
CVE-2024-8801 was published Sep 25, 2024
An information leak in Earthgarden_waiting 13.6.1 allows attackers to obtain the channel access... Moderate Unreviewed
CVE-2023-39052 was published Sep 20, 2023
openstack-mistral Discloses the presence of arbitrary files within the filesystem High
CVE-2018-16849 was published for mistral (pip) May 13, 2022
RhodeCode and Kallithea are vulnerable to sensitive information disclosure High
CVE-2015-0260 was published for Kallithea (pip) May 13, 2022
jwcrypto lacks the Random Filling protection mechanism Moderate
CVE-2016-6298 was published for jwcrypto (pip) May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database