GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,639 advisories
Filter by severity
An exposure of sensitive information vulnerability has been reported to affect QNAP AI Core. If...
High
Unreviewed
CVE-2024-38647
was published
Nov 22, 2024
github.com/rancher/steve's users can issue watch commands for arbitrary resources
High
CVE-2024-52280
was published
for
github.com/rancher/steve
(Go)
Nov 20, 2024
Graylog concurrent PDF report rendering can leak other users' reports
High
CVE-2024-52506
was published
for
org.graylog:graylog-parent
(Maven)
Nov 18, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat.
...
High
Unreviewed
CVE-2024-45791
was published
Nov 18, 2024
The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce...
High
Unreviewed
CVE-2024-8979
was published
Nov 15, 2024
VaeMendis - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
High
Unreviewed
CVE-2024-47915
was published
Nov 14, 2024
A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the...
High
Unreviewed
CVE-2024-6861
was published
Nov 6, 2024
hornetq vulnerable to file overwrite, sensitive information disclosure
High
CVE-2024-51127
was published
for
org.hornetq:hornetq-core-client
(Maven)
Nov 4, 2024
mudler/localai version 2.17.1 is vulnerable to a Timing Attack. This type of side-channel attack...
High
Unreviewed
CVE-2024-7010
was published
Oct 29, 2024
The TeploBot - Telegram Bot for WP plugin for WordPress is vulnerable to sensitive information...
High
Unreviewed
CVE-2024-9627
was published
Oct 22, 2024
secp256k1-node allows private key extraction over ECDH
High
CVE-2024-48930
was published
for
secp256k1
(npm)
Oct 21, 2024
Malicious homeservers can steal message keys when the matrix-react-sdk user invites another user to a room
High
CVE-2024-47824
was published
for
matrix-react-sdk
(npm)
Oct 15, 2024
Matrix JavaScript SDK's key history sharing could share keys to malicious devices
High
CVE-2024-47080
was published
for
matrix-js-sdk
(npm)
Oct 15, 2024
The Bot for Telegram on WooCommerce plugin for WordPress is vulnerable to sensitive information...
High
Unreviewed
CVE-2024-9821
was published
Oct 12, 2024
Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a...
High
Unreviewed
CVE-2024-43610
was published
Oct 9, 2024
Diebold Nixdorf – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
High
Unreviewed
CVE-2024-45245
was published
Oct 6, 2024
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),...
High
Unreviewed
CVE-2024-9054
was published
Oct 4, 2024
RestrictedPython information leakage via `AttributeError.obj` and the `string` module
High
CVE-2024-47532
was published
for
RestrictedPython
(pip)
Sep 30, 2024
The Directory Listing in /uploads/ Folder in CodeAstro Membership Management System 1.0 exposes...
High
Unreviewed
CVE-2024-46471
was published
Sep 27, 2024
ZITADEL Allows Unauthorized Access After Organization or Project Deactivation
High
CVE-2024-47060
was published
for
github.com/zitadel/zitadel/v2
(Go)
Sep 19, 2024
Camaleon CMS vulnerable to arbitrary path traversal (GHSL-2024-183)
High
CVE-2024-46987
was published
for
camaleon_cms
(RubyGems)
Sep 18, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Yordam Information...
High
Unreviewed
CVE-2024-6406
was published
Sep 18, 2024
A privacy issue was addressed by removing sensitive data. This issue is fixed in Xcode 16. An...
High
Unreviewed
CVE-2024-40862
was published
Sep 17, 2024
An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and...
High
Unreviewed
CVE-2024-46938
was published
Sep 16, 2024
OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized...
High
Unreviewed
CVE-2024-8777
was published
Sep 16, 2024
ProTip!
Advisories are also available from the
GraphQL API