GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
8,928 advisories
A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All...
Moderate
Unreviewed
CVE-2024-37991 was published Sep 10, 2024
A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service...
Critical
Unreviewed
CVE-2024-42019 was published Sep 7, 2024
An authentication bypass vulnerability can allow a low privileged attacker to access the NTLM...
Critical
Unreviewed
CVE-2024-38650 was published Sep 7, 2024
The Big File Uploads – Increase Maximum File Upload Size plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2024-8538 was published Sep 7, 2024
Exposure of debug and metrics endpoints in Pomerium
Moderate
CVE-2022-24797 was published for github.com/pomerium/pomerium (Go) Sep 6, 2024
gnark's Groth16 commitment extension unsound for more than one commitment
Moderate
CVE-2024-45039 was published for github.com/consensys/gnark (Go) Sep 6, 2024
gnark commitments to private witnesses in Groth16 as implemented break zero-knowledge property
High
CVE-2024-45040 was published for github.com/consensys/gnark (Go) Sep 6, 2024
D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to Information Disclosure. The device allows...
High
Unreviewed
CVE-2024-44408 was published Sep 6, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ariva Computer Accord...
Critical
Unreviewed
CVE-2024-1744 was published Sep 6, 2024
The Remember Me Controls plugin for WordPress is vulnerable to Full Path Disclosure in all...
Moderate
Unreviewed
CVE-2024-7415 was published Sep 6, 2024
A vulnerability, which was classified as problematic, was found in D-Link DNS-320 2.02b01. This...
Moderate
Unreviewed
CVE-2024-8461 was published Sep 5, 2024
A vulnerability, which was classified as problematic, has been found in D-Link DNS-320 2.02b01....
Moderate
Unreviewed
CVE-2024-8460 was published Sep 5, 2024
The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Information...
Moderate
Unreviewed
CVE-2024-6835 was published Sep 5, 2024
A vulnerability in Cisco Duo Epic for Hyperdrive could allow an authenticated, local attacker to...
Moderate
Unreviewed
CVE-2024-20503 was published Sep 4, 2024
A sensitive information disclosure vulnerability exists in ZZCMS v.2023 and before within the...
Moderate
Unreviewed
CVE-2024-44820 was published Sep 4, 2024
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Sensitive...
Moderate
Unreviewed
CVE-2024-8106 was published Sep 4, 2024
Access control vulnerability in the camera framework module
Impact: Successful exploitation of...
Moderate
Unreviewed
CVE-2024-45447 was published Sep 4, 2024
Permission control vulnerability in the software update module.
Impact: Successful exploitation...
Moderate
Unreviewed
CVE-2024-45450 was published Sep 4, 2024
Hoverfly allows an arbitrary file read in the `/api/v2/simulation` endpoint (`GHSL-2023-274`)
High
CVE-2024-45388 was published for github.com/spectolabs/hoverfly (Go) Sep 3, 2024
The Bare Metal Operator (BMO) can expose particularly named secrets from other namespaces via BMH CRD
Moderate
CVE-2024-43803 was published for github.com/metal3-io/baremetal-operator (Go) Sep 3, 2024
Tina search token leak via lock file in TinaCMS
High
CVE-2024-45391 was published for @tinacms/cli (npm) Sep 3, 2024
Hwameistor Potential Permission Leakage of Cluster Level
Moderate
CVE-2024-45054 was published for github.com/hwameistor/hwameistor (Go) Aug 29, 2024
OpenTelemetry Collector module AWS Firehose Receiver Authentication Bypass Vulnerability
Moderate
CVE-2024-45043 was published for github.com/open-telemetry/opentelemetry-collector-contrib/receiver/awsfirehosereceiver (Go) Aug 29, 2024
The Premium SEO Pack – WP SEO Plugin plugin for WordPress is vulnerable to Sensitive Information...
Moderate
Unreviewed
CVE-2024-3679 was published Aug 29, 2024
The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all...
Moderate
Unreviewed
CVE-2024-2541 was published Aug 29, 2024