GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
982 advisories
Filter by severity
Hwameistor Potential Permission Leakage of Cluster Level
Low
CVE-2024-45054
was published
for
github.com/hwameistor/hwameistor
(Go)
Aug 29, 2024
An information disclosure vulnerability in GitLab CE/EE in project/group exports affecting all...
Low
Unreviewed
CVE-2024-7060
was published
Jul 25, 2024
Sentry's Python SDK unintentionally exposes environment variables to subprocesses
Low
CVE-2024-40647
was published
for
sentry-sdk
(pip)
Jul 18, 2024
@jmondi/url-to-png enables capture screenshot of localhost web services (unauthenticated pages)
Low
CVE-2024-39919
was published
for
@jmondi/url-to-png
(npm)
Jul 15, 2024
A vulnerability has been identified in RUGGEDCOM RST2228 (All versions < V5.9.0), RUGGEDCOM...
Low
Unreviewed
CVE-2023-52238
was published
Jul 9, 2024
Private tokens could appear in logs if context containing gRPC metadata is logged in github.com/grpc/grpc-go
Low
GHSA-xr7q-jx4m-x55m
was published
for
google.golang.org/grpc
(Go)
Jul 5, 2024
Under certain circumstances, when the controller is in factory reset mode waiting for initial...
Low
Unreviewed
CVE-2024-32754
was published
Jul 4, 2024
Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to properly sanitize the recipients of a...
Low
Unreviewed
CVE-2024-39807
was published
Jul 3, 2024
Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to sanitize the RemoteClusterFrame payloads...
Low
Unreviewed
CVE-2024-39353
was published
Jul 3, 2024
Exposure of secrets through system log in Jenkins Structs Plugin
Low
CVE-2024-39458
was published
for
org.jenkins-ci.plugins:structs
(Maven)
Jun 26, 2024
udn News Android APP stores the user session in logcat file when user log into the APP. A...
Low
Unreviewed
CVE-2024-6294
was published
Jun 25, 2024
On Unix, SAP BusinessObjects Business
Intelligence Platform (Scheduling) allows an authenticated...
Low
Unreviewed
CVE-2024-34684
was published
Jun 11, 2024
Password hash exposed in CraftCMS two factor authentication plugin
Low
CVE-2024-5657
was published
for
born05/craft-twofactorauthentication
(Composer)
Jun 6, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in All In One WP...
Low
Unreviewed
CVE-2023-52147
was published
Jun 4, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPServeur,...
Low
Unreviewed
CVE-2023-49748
was published
Jun 4, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Webcraftic Hide login...
Low
Unreviewed
CVE-2023-48335
was published
Jun 4, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in David Vongries...
Low
Unreviewed
CVE-2023-49822
was published
Jun 4, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in LWS LWS Hide Login...
Low
Unreviewed
CVE-2023-47818
was published
Jun 4, 2024
Grafana Forward OAuth Identity Token can allow users to access some data sources
Low
CVE-2022-21673
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Kimai information disclosure vulnerability
Low
CVE-2024-4596
was published
for
kimai/kimai
(Composer)
May 7, 2024
An issue was discovered in a third-party component related to vendor.gsm.serial, shipped on...
Low
Unreviewed
CVE-2023-38301
was published
Apr 22, 2024
HCL Connections contains a user enumeration vulnerability. Certain actions could allow an...
Low
Unreviewed
CVE-2024-23557
was published
Apr 18, 2024
A vulnerability classified as problematic has been found in Zhejiang Land Zongheng Network...
Low
Unreviewed
CVE-2024-3689
was published
Apr 12, 2024
Kopia: Storage connection credentials written to console on "repository status" CLI command with JSON output
Low
GHSA-j5vm-7qcc-2wwg
was published
for
github.com/kopia/kopia
(Go)
Apr 10, 2024
Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline
Low
CVE-2024-30260
was published
for
undici
(npm)
Apr 4, 2024
ProTip!
Advisories are also available from the
GraphQL API