Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,064 advisories

Loading
Symfony allows internal address and port enumeration by NoPrivateNetworkHttpClient Low
CVE-2024-50342 was published for symfony/http-client (Composer) Nov 6, 2024
nicolas-grekas zozs
cs278
Credited to nicolas-grekas, zozs, and cs278
HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere... Low Unreviewed
CVE-2024-30106 was published Oct 29, 2024
Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). ... Low Unreviewed
CVE-2024-21209 was published Oct 15, 2024
open-webui allows enumeration of file names and traversal of directories by observing the error messages Low
CVE-2024-7038 was published for open-webui (pip) Oct 9, 2024
HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user... Low Unreviewed
CVE-2024-30118 was published Oct 9, 2024
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in... Low Unreviewed
CVE-2024-33506 was published Oct 8, 2024
OpenTofu potential leaking of secret variable values when using static evaluation in v1.8 Low
GHSA-wpr2-j6gr-pjw9 was published for github.com/opentofu/opentofu (Go) Oct 3, 2024
Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials Low
CVE-2024-47197 was published for org.apache.maven.plugins:maven-archetype-plugin (Maven) Sep 26, 2024
The W3 Total Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in... Low Unreviewed
CVE-2023-5359 was published Sep 25, 2024
A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for... Low Unreviewed
CVE-2024-8612 was published Sep 20, 2024
The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18. An... Low Unreviewed
CVE-2024-44180 was published Sep 17, 2024
The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18. An... Low Unreviewed
CVE-2024-44139 was published Sep 17, 2024
A privacy issue was addressed by moving sensitive data to a protected location. This issue is... Low Unreviewed
CVE-2024-40838 was published Sep 17, 2024
This issue was addressed with improved redaction of sensitive information. This issue is fixed in... Low Unreviewed
CVE-2024-40798 was published Jul 30, 2024
This issue was addressed through improved state management. This issue is fixed in macOS Sonoma... Low Unreviewed
CVE-2023-42948 was published Jul 29, 2024
The issue was addressed with improved restriction of data container access. This issue is fixed... Low Unreviewed
CVE-2023-42925 was published Jul 29, 2024
An information disclosure vulnerability in GitLab CE/EE in project/group exports affecting all... Low Unreviewed
CVE-2024-7060 was published Jul 25, 2024
Sentry's Python SDK unintentionally exposes environment variables to subprocesses Low
CVE-2024-40647 was published for sentry-sdk (pip) Jul 18, 2024
kmichel-aiven cgurnik
Credited to kmichel-aiven and cgurnik
A vulnerability has been identified in RUGGEDCOM RST2228 (All versions < V5.9.0), RUGGEDCOM... Low Unreviewed
CVE-2023-52238 was published Jul 9, 2024
Private tokens could appear in logs if context containing gRPC metadata is logged in github.com/grpc/grpc-go Low
GHSA-xr7q-jx4m-x55m was published for google.golang.org/grpc (Go) Jul 5, 2024
Under certain circumstances, when the controller is in factory reset mode waiting for initial... Low Unreviewed
CVE-2024-32754 was published Jul 4, 2024
Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to properly sanitize the recipients of a... Low Unreviewed
CVE-2024-39807 was published Jul 3, 2024
Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to sanitize the RemoteClusterFrame payloads... Low Unreviewed
CVE-2024-39353 was published Jul 3, 2024
Exposure of secrets through system log in Jenkins Structs Plugin Low
CVE-2024-39458 was published for org.jenkins-ci.plugins:structs (Maven) Jun 26, 2024
udn News Android APP stores the user session in logcat file when user log into the APP. A... Low Unreviewed
CVE-2024-6294 was published Jun 25, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database