Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,873 advisories

Loading
Loftware Spectrum through 4.6 exposes Sensitive Information (Logs) to an Unauthorized Actor. High Unreviewed
CVE-2023-37232 was published Sep 10, 2024
gnark commitments to private witnesses in Groth16 as implemented break zero-knowledge property High
CVE-2024-45040 was published for github.com/consensys/gnark (Go) Sep 6, 2024
maltezellic
Credited to maltezellic
D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to Information Disclosure. The device allows... High Unreviewed
CVE-2024-44408 was published Sep 6, 2024
Hoverfly allows an arbitrary file read in the `/api/v2/simulation` endpoint (`GHSL-2023-274`) High
CVE-2024-45388 was published for github.com/spectolabs/hoverfly (Go) Sep 3, 2024
pwntester
Credited to pwntester
Tina search token leak via lock file in TinaCMS High
CVE-2024-45391 was published for @tinacms/cli (npm) Sep 3, 2024
kldavis4 mattsbennett
Credited to kldavis4 and mattsbennett
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in gVectors Team wpForo... High Unreviewed
CVE-2024-43289 was published Aug 26, 2024
An issue was discovered in the Docusign API package 8.142.14 for Salesforce. The... High Unreviewed
CVE-2024-39344 was published Aug 21, 2024
Keyfactor AWS Orchestrator through 2.0 allows Information Disclosure. High Unreviewed
CVE-2024-42006 was published Aug 20, 2024
Barix – CWE-200 Exposure of Sensitive Information to an Unauthorized Actor High Unreviewed
CVE-2024-41700 was published Aug 20, 2024
An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain... High Unreviewed
CVE-2024-42657 was published Aug 19, 2024
An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain... High Unreviewed
CVE-2024-42658 was published Aug 19, 2024
A Local File Inclusion vulnerability has been found in ComfortKey, a product of Celsius Benelux.... High Unreviewed
CVE-2024-27120 was published Aug 14, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HitPay Payment... High Unreviewed
CVE-2024-38747 was published Aug 13, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Codection Import and... High Unreviewed
CVE-2024-38787 was published Aug 13, 2024
Some OCC API endpoints in SAP Commerce Cloud allows Personally Identifiable Information (PII)... High Unreviewed
CVE-2024-33003 was published Aug 13, 2024
Logical vulnerability in the mobile application (com.transsion.carlcare) may lead to user... High Unreviewed
CVE-2024-7697 was published Aug 12, 2024
Microsoft Office Spoofing Vulnerability High Unreviewed
CVE-2024-38200 was published Aug 12, 2024
CloudStack account-users by default use username and password based authentication for API and UI... High Unreviewed
CVE-2024-42062 was published Aug 7, 2024
mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a insufficiently filters... High Unreviewed
CVE-2024-42010 was published Aug 5, 2024
stitionai/devika main branch as of commit cdfb782b0e634b773b10963c8034dc9207ba1f9f is vulnerable... High Unreviewed
CVE-2024-6331 was published Aug 4, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Dylan James Zephyr... High Unreviewed
CVE-2024-38761 was published Aug 2, 2024
Priority PRI WEB Portal Add-On for Priority ERP on prem - CWE-200: Exposure of Sensitive... High Unreviewed
CVE-2024-41696 was published Jul 30, 2024
A logic issue was addressed with improved checks. This issue is fixed in watchOS 10.6, macOS... High Unreviewed
CVE-2024-40836 was published Jul 30, 2024
Apache Pinot: Unauthorized endpoint exposed sensitive information High
CVE-2024-39676 was published for org.apache.pinot:pinot-controller (Maven) Jul 24, 2024
oscerd
Credited to oscerd
A validated user not explicitly authorized to have access to certain sensitive information could... High Unreviewed
CVE-2023-40159 was published Jul 18, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database