Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,662
Maven
5,000+
npm
4,289
NuGet
760
pip
4,069
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

258 advisories

Loading
Jizhicms v2.5 was discovered to contain an arbitrary file download vulnerability via the... Critical Unreviewed
CVE-2023-51154 was published Jan 4, 2024
Component exposure vulnerability in the Wi-Fi module. Successful exploitation of this... Critical Unreviewed
CVE-2023-52101 was published Jan 16, 2024
DIRAC's TokenManager does not check permissions on cached tokens Critical
CVE-2024-24825 was published for DIRAC (pip) Feb 8, 2024
chaen aldbr
chrisburr
Credited to chaen, aldbr, and chrisburr
** UNSUPPORTED WHEN ASSIGNED ** Exposure of Sensitive Information to an Unauthorized Actor... Critical Unreviewed
CVE-2024-27905 was published Feb 27, 2024
As a default user on a multi-user instance of AnythingLLM, you could execute a call to the `... Critical Unreviewed
CVE-2024-0765 was published Mar 3, 2024
An issue was discovered in OpenClinic GA 5.247.01. An Unauthenticated File Download vulnerability... Critical Unreviewed
CVE-2023-40276 was published Mar 19, 2024
An issue was discovered in OpenClinic GA 5.247.01. It allows retrieval of patient lists via... Critical Unreviewed
CVE-2023-40275 was published Mar 19, 2024
By knowing an organization's ID, an attacker can join the organization without permission and... Critical Unreviewed
CVE-2024-1643 was published Apr 10, 2024
SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker to execute arbitrary code... Critical Unreviewed
CVE-2024-30922 was published Apr 18, 2024
A vulnerability in Brocade SANnav ova versions before Brocade SANnav v2.3.1 and v2.3.0a exposes... Critical Unreviewed
CVE-2024-4173 was published Apr 25, 2024
An exposure of sensitive information vulnerability has been reported to affect Media Streaming... Critical Unreviewed
CVE-2023-47222 was published Apr 26, 2024
E-WEBInformationCo. FS-EZViewer(Web) exposes sensitive information in the service. A remote... Critical Unreviewed
CVE-2024-4300 was published Apr 29, 2024
FDSK Leak in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows... Critical Unreviewed
CVE-2024-4008 was published Jun 5, 2024
In lunary-ai/lunary version 1.2.4, an account takeover vulnerability exists due to the exposure... Critical Unreviewed
CVE-2024-5133 was published Jun 6, 2024
Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an... Critical Unreviewed
CVE-2024-30300 was published Jun 13, 2024
Multiple directory traversal vulnerabilities in the TFTP Server in Distinct Intranet Servers 3.10... Critical Unreviewed
CVE-2012-6664 was published Jun 22, 2024
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported... Critical Unreviewed
CVE-2024-5535 was published Jun 27, 2024
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can... Critical Unreviewed
CVE-2024-3596 was published Jul 9, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Membership Software... Critical Unreviewed
CVE-2024-37113 was published Jul 10, 2024
CWE-200: Information Exposure vulnerability exists that could cause disclosure of credentials... Critical Unreviewed
CVE-2024-6407 was published Jul 11, 2024
TightVNC (Server for Windows) before 2.8.84 allows attackers to connect to the control pipe via a... Critical Unreviewed
CVE-2024-42049 was published Jul 28, 2024
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to... Critical Unreviewed
CVE-2024-42394 was published Aug 6, 2024
The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are... Critical Unreviewed
CVE-2024-6633 was published Aug 27, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ariva Computer Accord... Critical Unreviewed
CVE-2024-1744 was published Sep 6, 2024
An authentication bypass vulnerability can allow a low privileged attacker to access the NTLM... Critical Unreviewed
CVE-2024-38650 was published Sep 7, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database