Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,746
Maven
5,000+
npm
4,341
NuGet
765
pip
4,113
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,883 advisories

Loading
Camaleon CMS vulnerable to arbitrary path traversal (GHSL-2024-183) High
CVE-2024-46987 was published for camaleon_cms (RubyGems) Sep 18, 2024
texpert
Credited to texpert
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Yordam Information... High Unreviewed
CVE-2024-6406 was published Sep 18, 2024
A privacy issue was addressed with improved private data redaction for log entries. This issue is... High Unreviewed
CVE-2024-44152 was published Sep 17, 2024
A privacy issue was addressed by removing sensitive data. This issue is fixed in Xcode 16. An... High Unreviewed
CVE-2024-40862 was published Sep 17, 2024
OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized... High Unreviewed
CVE-2024-8777 was published Sep 16, 2024
An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and... High Unreviewed
CVE-2024-46938 was published Sep 16, 2024
An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. It lacks an offboarding... High Unreviewed
CVE-2024-39925 was published Sep 13, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Utarit Information... High Unreviewed
CVE-2024-3305 was published Sep 12, 2024
Exposure of sensitive information due to incompatible policies issue exists in Pgpool-II. If a... High Unreviewed
CVE-2024-45624 was published Sep 12, 2024
An External XML Entity (XXE) vulnerability in the provisioning web service of Ivanti EPM before... High Unreviewed
CVE-2024-37397 was published Sep 12, 2024
Loftware Spectrum through 4.6 exposes Sensitive Information (Logs) to an Unauthorized Actor. High Unreviewed
CVE-2023-37232 was published Sep 10, 2024
gnark commitments to private witnesses in Groth16 as implemented break zero-knowledge property High
CVE-2024-45040 was published for github.com/consensys/gnark (Go) Sep 6, 2024
maltezellic
Credited to maltezellic
D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to Information Disclosure. The device allows... High Unreviewed
CVE-2024-44408 was published Sep 6, 2024
Hoverfly allows an arbitrary file read in the `/api/v2/simulation` endpoint (`GHSL-2023-274`) High
CVE-2024-45388 was published for github.com/spectolabs/hoverfly (Go) Sep 3, 2024
pwntester
Credited to pwntester
Tina search token leak via lock file in TinaCMS High
CVE-2024-45391 was published for @tinacms/cli (npm) Sep 3, 2024
kldavis4 mattsbennett
Credited to kldavis4 and mattsbennett
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in gVectors Team wpForo... High Unreviewed
CVE-2024-43289 was published Aug 26, 2024
An issue was discovered in the Docusign API package 8.142.14 for Salesforce. The... High Unreviewed
CVE-2024-39344 was published Aug 21, 2024
Keyfactor AWS Orchestrator through 2.0 allows Information Disclosure. High Unreviewed
CVE-2024-42006 was published Aug 20, 2024
Barix – CWE-200 Exposure of Sensitive Information to an Unauthorized Actor High Unreviewed
CVE-2024-41700 was published Aug 20, 2024
An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain... High Unreviewed
CVE-2024-42657 was published Aug 19, 2024
An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain... High Unreviewed
CVE-2024-42658 was published Aug 19, 2024
A Local File Inclusion vulnerability has been found in ComfortKey, a product of Celsius Benelux.... High Unreviewed
CVE-2024-27120 was published Aug 14, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Codection Import and... High Unreviewed
CVE-2024-38787 was published Aug 13, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HitPay Payment... High Unreviewed
CVE-2024-38747 was published Aug 13, 2024
Some OCC API endpoints in SAP Commerce Cloud allows Personally Identifiable Information (PII)... High Unreviewed
CVE-2024-33003 was published Aug 13, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database