Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

6,773 advisories

Loading
The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information... Moderate Unreviewed
CVE-2024-11280 was published Dec 17, 2024
The Memberful plugin for WordPress is vulnerable to Sensitive Information Exposure in all... Moderate Unreviewed
CVE-2024-11294 was published Dec 17, 2024
Some parameters of the alarm clock module are improperly stored, leaking some sensitive information. Moderate Unreviewed
CVE-2021-26281 was published Dec 17, 2024
Some parameters of the weather module are improperly stored, leaking some sensitive information. Moderate Unreviewed
CVE-2021-26279 was published Dec 17, 2024
Welcome and About GeoServer pages communicate version and revision information Moderate
CVE-2024-35230 was published for org.geoserver.web:gs-web-app (Maven) Dec 16, 2024
jodygarnett
Credited to jodygarnett
The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to Information... Moderate Unreviewed
CVE-2024-12578 was published Dec 14, 2024
An information-disclosure vulnerability exists in Fortra's GoAnywhere MFT application prior to... Moderate Unreviewed
CVE-2024-9945 was published Dec 13, 2024
Cross-process screen stack vulnerability in the UIExtension module Impact: Successful... Moderate Unreviewed
CVE-2024-54118 was published Dec 12, 2024
Cross-process screen stack vulnerability in the UIExtension module Impact: Successful... Moderate Unreviewed
CVE-2024-54119 was published Dec 12, 2024
Cross-process screen stack vulnerability in the UIExtension module Impact: Successful... Moderate Unreviewed
CVE-2024-54117 was published Dec 12, 2024
Vulnerability of improper access control in the album module Impact: Successful exploitation of... Moderate Unreviewed
CVE-2024-54103 was published Dec 12, 2024
The Essential Real Estate plugin for WordPress is vulnerable to unauthorized access of data due... Moderate Unreviewed
CVE-2024-12329 was published Dec 12, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability was discovered in Open... Moderate Unreviewed
CVE-2024-12564 was published Dec 12, 2024
The Accept Stripe Payments Using Contact Form 7 plugin for WordPress is vulnerable to Information... Moderate Unreviewed
CVE-2024-12255 was published Dec 12, 2024
The Restrict – membership, site, content and user access restrictions for WordPress plugin for... Moderate Unreviewed
CVE-2024-11351 was published Dec 11, 2024
The Members – Membership & User Role Editor Plugin plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2024-11008 was published Dec 11, 2024
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions... Moderate Unreviewed
CVE-2024-53244 was published Dec 10, 2024
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and versions below 3.2.462, 3.7.18,... Moderate Unreviewed
CVE-2024-53243 was published Dec 10, 2024
The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all... Moderate Unreviewed
CVE-2024-11106 was published Dec 10, 2024
The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure... Moderate Unreviewed
CVE-2024-11292 was published Dec 6, 2024
Access to Archived Argo Workflows with Fake Token in `client` mode Moderate
CVE-2024-53862 was published for github.com/argoproj/argo-workflows/v3 (Go) Dec 2, 2024
ljyanesm agilgur5
Credited to ljyanesm and agilgur5
A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms 3.7. It has been rated... Moderate Unreviewed
CVE-2024-11961 was published Nov 28, 2024
Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts Moderate
CVE-2024-53858 was published for github.com/cli/cli/v2 (Go) Nov 27, 2024
BagToad andyfeller
williammartin jtmcg Ry0taK
Credited to BagToad, andyfeller, williammartin, jtmcg, and Ry0taK
`auth.TokenForHost` violates GitHub host security boundary when sourcing authentication token within a codespace Moderate
CVE-2024-53859 was published for github.com/cli/go-gh (Go) Nov 27, 2024
BagToad williammartin
andyfeller jtmcg Ry0taK
Credited to BagToad, williammartin, andyfeller, jtmcg, and Ry0taK
The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all... Moderate Unreviewed
CVE-2024-11083 was published Nov 27, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database