GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
29 advisories
Filter by severity
An attacker authenticated as an administrator can use an exposed webservice to upload or download...
Moderate
Unreviewed
CVE-2024-47579
was published
Dec 10, 2024
An attacker authenticated as an administrator can use an exposed webservice to create a PDF with...
Moderate
Unreviewed
CVE-2024-47580
was published
Dec 10, 2024
A vulnerability was found in 3Scale. There is no auth mechanism to see a PDF invoice of a...
Moderate
Unreviewed
CVE-2024-9671
was published
Oct 9, 2024
On Windows systems, the Arc configuration files resulted to be world-readable.
This can lead...
Moderate
Unreviewed
CVE-2023-5937
was published
May 15, 2024
An issue was discovered in the installer in Samsung Portable SSD for T5 1.6.10 on Windows....
High
Unreviewed
CVE-2024-31954
was published
May 14, 2024
A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.1 SP1)....
High
Unreviewed
CVE-2024-22045
was published
Mar 12, 2024
sanitize-html Information Exposure vulnerability
Moderate
CVE-2024-21501
was published
for
sanitize-html
(npm)
Feb 24, 2024
Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain...
High
Unreviewed
CVE-2024-22433
was published
Feb 6, 2024
A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified...
Moderate
Unreviewed
CVE-2024-0191
was published
Jan 2, 2024
An information exposure vulnerability has been found, the exploitation of which could allow a...
High
Unreviewed
CVE-2023-4595
was published
Nov 23, 2023
The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the...
Moderate
Unreviewed
CVE-2023-4933
was published
Oct 16, 2023
The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores...
High
Unreviewed
CVE-2023-5003
was published
Oct 16, 2023
A vulnerability has been identified in SIMATIC PCS neo (Administration Console) V4.0 (All...
Moderate
Unreviewed
CVE-2023-38558
was published
Sep 14, 2023
Due to an out-of-date dependency in the “Fusion File Manager” component accessible through the...
Moderate
Unreviewed
CVE-2023-4480
was published
Sep 5, 2023
angular-server-side-configuration information disclosure vulnerability in monorepo with node.js backend
Critical
CVE-2023-28444
was published
for
angular-server-side-configuration
(npm)
Mar 24, 2023
CRI-O vulnerable to /etc/passwd tampering resulting in Privilege Escalation
Moderate
CVE-2022-4318
was published
for
github.com/cri-o/cri-o
(Go)
Dec 29, 2022
Weave GitOps leaked cluster credentials into logs on connection errors
Critical
CVE-2022-31098
was published
for
github.com/weaveworks/weave-gitops
(Go)
Jun 23, 2022
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified...
Moderate
Unreviewed
CVE-2021-1406
was published
May 24, 2022
A vulnerability in the web server functionality of Cisco Enterprise Network Functions...
Moderate
Unreviewed
CVE-2019-12623
was published
May 24, 2022
cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406).
Moderate
Unreviewed
CVE-2018-20932
was published
May 24, 2022
Insertion of Sensitive Information into Externally-Accessible File or Directory in Jenkins Credentials Plugin
Moderate
CVE-2019-10320
was published
for
org.jenkins-ci.plugins:credentials
(Maven)
May 24, 2022
Sendio versions before 8.2.1 were affected by a Local File Inclusion vulnerability that allowed...
High
Unreviewed
CVE-2016-10399
was published
May 17, 2022
The existence of a specifically requested local file can be found due to the double firing of the...
Low
Unreviewed
CVE-2017-5387
was published
May 14, 2022
Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR)...
Moderate
Unreviewed
CVE-2018-16970
was published
May 14, 2022
A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation...
Moderate
Unreviewed
CVE-2017-9947
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API