GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,356
Erlang
31
GitHub Actions
22
Go
2,120
Maven
5,000+
npm
3,781
NuGet
681
pip
3,460
Pub
12
RubyGems
893
Rust
891
Swift
38
Unreviewed advisories
All unreviewed
5,000+
1,672 advisories
Filter by severity
SQL injection in JeecgBoot
High
CVE-2024-57606
was published
for
org.jeecgframework.boot:jeecg-boot-common
(Maven)
Feb 8, 2025
An issue in Brainasoft Braina v2.8 allows a remote attacker to obtain sensitive information via...
High
Unreviewed
CVE-2024-55272
was published
Feb 8, 2025
Connect-CMS information that is restricted to viewing is visible
High
GHSA-2237-5r9w-vm8j
was published
for
opensource-workshop/connect-cms
(Composer)
Feb 7, 2025
An information disclosure vulnerability exists in the Vault API functionality of ClearML...
High
Unreviewed
CVE-2024-43779
was published
Feb 6, 2025
RuoYi allowed unauthorized attackers to view the session ID of the admin in the system monitoring
High
CVE-2024-57436
was published
for
com.ruoyi:ruoyi
(Maven)
Jan 29, 2025
A path
traversal vulnerability exists in the Rockwell Automation DataEdge Platform DataMosaix...
High
Unreviewed
CVE-2025-0659
was published
Jan 28, 2025
The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is...
High
Unreviewed
CVE-2024-13562
was published
Jan 25, 2025
An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent...
High
Unreviewed
CVE-2024-43707
was published
Jan 23, 2025
sniff_csv provides filesystem access even when enable_external_access is disabled in duckdb
High
CVE-2024-41672
was published
for
duckdb
(pip)
Jan 21, 2025
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that...
High
Unreviewed
CVE-2024-12142
was published
Jan 17, 2025
Eugeny Tabby Sends Password Despite Host Key Verification Failure
High
CVE-2024-48460
was published
for
tabby-ssh
(npm)
Jan 17, 2025
Information exposure in the PMB platform affecting versions 4.2.13 and earlier. This...
High
Unreviewed
CVE-2025-0472
was published
Jan 16, 2025
Git Credential Manager carriage-return character in remote URL allows malicious repository to leak credentials
High
CVE-2024-50338
was published
for
git-credential-manager
(NuGet)
Jan 14, 2025
An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid...
High
Unreviewed
CVE-2023-24010
was published
Jan 9, 2025
An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid...
High
Unreviewed
CVE-2023-24012
was published
Jan 9, 2025
An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid...
High
Unreviewed
CVE-2023-24011
was published
Jan 9, 2025
fetch: Authorization headers not dropped when redirecting cross-origin
High
CVE-2025-21620
was published
for
deno
(Rust)
Jan 6, 2025
Priority – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
High
Unreviewed
CVE-2024-47922
was published
Dec 30, 2024
changedetection.io Vulnerable to Improper Input Validation Leading to LFR/Path Traversal
High
CVE-2024-56509
was published
for
changedetection.io
(pip)
Dec 27, 2024
The s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member...
High
Unreviewed
CVE-2024-8326
was published
Dec 17, 2024
Withdrawn Advisory: undertow: information leakage via HTTP/2 request header reuse
High
CVE-2024-4109
was published
for
io.undertow:undertow-core
(Maven)
Dec 12, 2024
•
withdrawn
PQClean has a correctness error in HQC decapsulation
High
GHSA-753p-wrj5-g8fj
was published
for
pqcrypto-hqc
(Rust)
Dec 11, 2024
Directus allows unauthenticated access to WebSocket events and operations
High
CVE-2024-54151
was published
for
@directus/api
(npm)
Dec 9, 2024
Modified package published to npm, containing malware that exfiltrates private key material
High
CVE-2024-54134
was published
for
@solana/web3.js
(npm)
Dec 4, 2024
Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated...
High
Unreviewed
CVE-2024-52323
was published
Nov 27, 2024
ProTip!
Advisories are also available from the
GraphQL API