GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,636
Maven: 5,000+
npm: 4,262
NuGet: 760
pip: 4,057
Pub: 12
RubyGems: 956
Rust: 1,054
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
1,873 advisories
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SNP Digital SalesKing...
High | Unreviewed | CVE-2024-22154 was published Jan 24, 2024
CloudLinux CageFS 7.1.1-1 or below passes the authentication token as command line argument. In...
High | Unreviewed | CVE-2020-36771 was published Jan 22, 2024
Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem
High | CVE-2024-23331 was published for vite (npm) | Jan 19, 2024
JupyterLab vulnerable to potential authentication and CSRF tokens leak
High | CVE-2024-22421 was published for jupyterlab (pip) | Jan 19, 2024
Out-of-bounds access vulnerability in the device authentication module. Successful exploitation...
High | Unreviewed | CVE-2023-44112 was published Jan 16, 2024
The "tokenKey" value used in user authorization is visible in the HTML source of the login page.
High | Unreviewed | CVE-2023-49261 was published Jan 12, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Swings Coupon...
High | Unreviewed | CVE-2023-52190 was published Jan 8, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Naa986 WP Stripe...
High | Unreviewed | CVE-2023-52143 was published Jan 5, 2024
@backstage/backend-app-api leaks GitLab access tokens
High | CVE-2023-6944 was published for @backstage/backend-app-api (npm) | Jan 4, 2024
There is a possible information disclosure due to a missing permission check. This could lead to...
High | Unreviewed | CVE-2023-4164 was published Jan 3, 2024
Tencent tdsqlpcloud through 1.8.5 allows unauthenticated remote attackers to discover database...
High | Unreviewed | CVE-2023-52286 was published Dec 31, 2023
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange...
High | Unreviewed | CVE-2022-44589 was published Dec 29, 2023
Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when...
High | Unreviewed | CVE-2023-50968 was published Dec 26, 2023
Sensitive data was added to our public-facing knowledgebase that, if exploited, could be used to...
High | Unreviewed | CVE-2023-40058 was published Dec 21, 2023
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HM Plugin WordPress...
High | Unreviewed | CVE-2023-48288 was published Dec 21, 2023
A potential security vulnerability has been identified with HP-UX System Management Homepage ...
High | Unreviewed | CVE-2023-50271 was published Dec 17, 2023
Solr search discloses password hashes of all users
High | CVE-2023-50719 was published for org.xwiki.platform:xwiki-platform-search-solr-api (Maven) | Dec 16, 2023
Potential CSV export data leak
High | CVE-2023-50448 was published for activeadmin (RubyGems) | Dec 15, 2023
An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version...
High | Unreviewed | CVE-2023-0248 was published Dec 14, 2023
Dell vApp Manager, versions prior to 9.2.4.x contain an information disclosure vulnerability. A...
High | Unreviewed | CVE-2023-48671 was published Dec 14, 2023
SAP GUI for Windows and SAP GUI for Java - versions SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757,...
High | Unreviewed | CVE-2023-49580 was published Dec 12, 2023
Microweber allows a remote attacker to obtain sensitive information via the HTTP GET method
High | CVE-2023-48122 was published for microweber/microweber (Composer) | Dec 8, 2023
github.com/ecies/go vulnerable to possible private key restoration
High | CVE-2023-49292 was published for github.com/ecies/go/v2 (Go) | Dec 5, 2023
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid...
High | Unreviewed | CVE-2023-40211 was published Nov 30, 2023
ProTip! Advisories are also available from the GraphQL API