Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,968
Erlang
39
GitHub Actions
38
Go
2,616
Maven
5,000+
npm
4,255
NuGet
760
pip
4,040
Pub
12
RubyGems
953
Rust
1,050
Swift
45
Unreviewed advisories
All unreviewed
5,000+

256 advisories

Loading
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Membership Software... Critical Unreviewed
CVE-2024-37113 was published Jul 10, 2024
Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an... Critical Unreviewed
CVE-2024-30300 was published Jun 13, 2024
In lunary-ai/lunary version 1.2.4, an account takeover vulnerability exists due to the exposure... Critical Unreviewed
CVE-2024-5133 was published Jun 6, 2024
E-WEBInformationCo. FS-EZViewer(Web) exposes sensitive information in the service. A remote... Critical Unreviewed
CVE-2024-4300 was published Apr 29, 2024
An exposure of sensitive information vulnerability has been reported to affect Media Streaming... Critical Unreviewed
CVE-2023-47222 was published Apr 26, 2024
Credential leak in org.apache.directory.api:apache-ldap-api Critical
CVE-2018-1337 was published for org.apache.directory.api:apache-ldap-api (Maven) Nov 9, 2018
By knowing an organization's ID, an attacker can join the organization without permission and... Critical Unreviewed
CVE-2024-1643 was published Apr 10, 2024
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (... Critical Unreviewed
CVE-2022-32221 was published Dec 6, 2022
The Migration, Backup, Staging - WPvivid plugin for WordPress is vulnerable to Sensitive... Critical Unreviewed
CVE-2023-5576 was published Oct 20, 2023
Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker to read from and write to... Critical Unreviewed
CVE-2023-5642 was published Oct 18, 2023
Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which... Critical Unreviewed
CVE-2023-0925 was published Sep 6, 2023
An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform ... Critical Unreviewed
CVE-2023-28765 was published Jul 6, 2023
Input verification vulnerability in the AMS module. Successful exploitation of this vulnerability... Critical Unreviewed
CVE-2022-48510 was published Jul 6, 2023
Key management vulnerability on system. Successful exploitation of this vulnerability may affect... Critical Unreviewed
CVE-2023-3455 was published Jul 5, 2023
Vulnerability of incomplete read and write permission verification in the GPU module. Successful... Critical Unreviewed
CVE-2021-46891 was published Jul 5, 2023
SAP GUI for Windows - version 7.70, 8.0, allows an unauthorized attacker to gain NTLM... Critical Unreviewed
CVE-2023-32113 was published May 9, 2023
Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501 allows a... Critical Unreviewed
CVE-2019-15859 was published May 24, 2022
HPE has identified a vulnerability in HPE 3PAR Service Processor (SP) version 4.1 through 4.4.... Critical Unreviewed
CVE-2019-11991 was published May 24, 2022
systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext... Critical Unreviewed
CVE-2018-20839 was published May 24, 2022
** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 products are affected by arbitrary file... Critical Unreviewed
CVE-2021-45420 was published Feb 15, 2022
As a default user on a multi-user instance of AnythingLLM, you could execute a call to the `... Critical Unreviewed
CVE-2024-0765 was published Mar 3, 2024
Gradio Exposure of Sensitive Information to an Unauthorized Actor vulnerability Critical
CVE-2023-6572 was published for gradio (pip) Dec 14, 2023
IcedTea6 before 1.7.4 allow unsigned apps to read and write arbitrary files, related to Extended... Critical Unreviewed
CVE-2010-2783 was published Apr 21, 2022
Potential Remote Code Execution in TYPO3 with mediace extension Critical
CVE-2020-15086 was published for friendsoftypo3/mediace (Composer) Jul 29, 2020
ohader
Credited to ohader
Cache poisoning in drupal/core Critical
CVE-2023-5256 was published for drupal/core (Composer) Sep 28, 2023
westonsteimel
Credited to westonsteimel
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database