GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,873 advisories
A directory listing vulnerability in School Fees Management System v1.0 allows attackers to list...
High
Unreviewed
CVE-2023-49981 was published Mar 21, 2024
An Information Exposure Vulnerability has been found on Meta4 HR. This vulnerability allows an...
High
Unreviewed
CVE-2024-2632 was published Mar 19, 2024
An issue was discovered in OpenClinic GA 5.247.01. An Information Disclosure vulnerability has...
High
Unreviewed
CVE-2023-40278 was published Mar 19, 2024
Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-200: Exposure of Sensitive...
High
Unreviewed
CVE-2024-27769 was published Mar 18, 2024
Insecure Variable Substitution in Vela
High
CVE-2024-28236 was published for github.com/go-vela/worker (Go) Mar 14, 2024
This allows attackers to use a maliciously formed API request to gain access to an API...
High
Unreviewed
CVE-2024-1222 was published Mar 14, 2024
An information leak in the currentsetting.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40...
High
Unreviewed
CVE-2024-28340 was published Mar 12, 2024
Information exposure vulnerability in Badger Meter Monitool affecting versions up to 4.6.3 and...
High
Unreviewed
CVE-2024-1302 was published Mar 12, 2024
A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14...
High
Unreviewed
CVE-2024-23235 was published Mar 8, 2024
CasaOS-UserService allows unauthorized access to any file
High
CVE-2024-24765 was published for github.com/IceWhaleTech/CasaOS-UserService (Go) Mar 6, 2024
An issue was discovered in Webbax "Super Newsletter" (supernewsletter) module for PrestaShop...
High
Unreviewed
CVE-2024-25839 was published Mar 3, 2024
Couchbase Server before 7.2.4 has a private key leak in goxdcr.log.
High
Unreviewed
CVE-2024-23302 was published Feb 29, 2024
An issue was discovered on certain GL-iNet devices. Attackers can download files such as logs via...
High
Unreviewed
CVE-2024-27356 was published Feb 27, 2024
In the module "Survey TMA" (ecomiz_survey_tma) up to version 2.0.0 from Ecomiz for PrestaShop, a...
High
Unreviewed
CVE-2024-24309 was published Feb 24, 2024
Scrapy authorization header leakage on cross-domain redirect
High
CVE-2024-3574 was published for scrapy (pip) Feb 15, 2024
An issue was discovered in Wind River VxWorks 7 22.09 and 23.03. If a VxWorks task or POSIX...
High
Unreviewed
CVE-2023-51787 was published Feb 15, 2024
Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability
High
Unreviewed
CVE-2024-21380 was published Feb 13, 2024
TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler
High
CVE-2024-25121 was published for typo3/cms-core (Composer) Feb 13, 2024
Under certain circumstances IQ Panel4 and IQ4 Hub panel software prior to version 4.4.2 could...
High
Unreviewed
CVE-2024-0242 was published Feb 8, 2024
Liferay Portal vulnerable to user impersonation
High
CVE-2024-25148 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 8, 2024
Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability
High
CVE-2023-51437 was published for org.apache.pulsar:pulsar-broker-auth-sasl (Maven) Feb 7, 2024
In the module "Mailjet" (mailjet) from Mailjet for PrestaShop before versions 3.5.1, a guest can...
High
Unreviewed
CVE-2024-24304 was published Feb 7, 2024
Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a...
High
Unreviewed
CVE-2024-22022 was published Feb 7, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in InstaWP Team InstaWP...
High
Unreviewed
CVE-2024-23506 was published Jan 27, 2024
Any authenticated user may obtain private message details from other users on the same instance
High
CVE-2024-23649 was published for lemmy_server (Rust) Jan 24, 2024