GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,370 advisories
Filter by severity
An exposure of sensitive information vulnerability has been reported to affect QNAP AI Core. If...
High
Unreviewed
CVE-2024-38647
was published
Nov 22, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat.
...
High
Unreviewed
CVE-2024-45791
was published
Nov 18, 2024
The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce...
High
Unreviewed
CVE-2024-8979
was published
Nov 15, 2024
VaeMendis - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
High
Unreviewed
CVE-2024-47915
was published
Nov 14, 2024
Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05
contains a vulnerability...
High
Unreviewed
CVE-2023-34437
was published
Oct 19, 2023
mudler/localai version 2.17.1 is vulnerable to a Timing Attack. This type of side-channel attack...
High
Unreviewed
CVE-2024-7010
was published
Oct 29, 2024
A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the...
High
Unreviewed
CVE-2024-6861
was published
Nov 6, 2024
A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically...
High
Unreviewed
CVE-2024-5124
was published
Jun 6, 2024
Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an...
High
Unreviewed
CVE-2023-4215
was published
Oct 17, 2023
The TeploBot - Telegram Bot for WP plugin for WordPress is vulnerable to sensitive information...
High
Unreviewed
CVE-2024-9627
was published
Oct 22, 2024
The Danfoss AK-EM100 web applications allow for Local File Inclusion in the file parameter.
High
Unreviewed
CVE-2023-22586
was published
Jun 11, 2023
The Bot for Telegram on WooCommerce plugin for WordPress is vulnerable to sensitive information...
High
Unreviewed
CVE-2024-9821
was published
Oct 12, 2024
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),...
High
Unreviewed
CVE-2024-9054
was published
Oct 4, 2024
The "tokenKey" value used in user authorization is visible in the HTML source of the login page.
High
Unreviewed
CVE-2023-49261
was published
Jan 12, 2024
Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a...
High
Unreviewed
CVE-2024-43610
was published
Oct 9, 2024
Diebold Nixdorf – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
High
Unreviewed
CVE-2024-45245
was published
Oct 6, 2024
An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8,...
High
Unreviewed
CVE-2023-3413
was published
Sep 29, 2023
An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 16.0.8...
High
Unreviewed
CVE-2023-3993
was published
Aug 2, 2023
The vulnerability exists in CP-Plus NVR due to an improper input handling at the web-based...
High
Unreviewed
CVE-2023-3705
was published
Aug 24, 2023
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6...
High
Unreviewed
CVE-2023-39289
was published
Aug 26, 2023
Due to improper validation, SAP BusinessObject Business Intelligence Launch Pad allows an...
High
Unreviewed
CVE-2024-25646
was published
Apr 9, 2024
SAP GUI for Windows and SAP GUI for Java - versions SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757,...
High
Unreviewed
CVE-2023-49580
was published
Dec 12, 2023
Under certain conditions SAP Commerce (OCC API) - versions HY_COM 2105, HY_COM 2205, COM_CLOUD...
High
Unreviewed
CVE-2023-37486
was published
Aug 8, 2023
Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated...
High
Unreviewed
CVE-2023-39214
was published
Aug 9, 2023
The Directory Listing in /uploads/ Folder in CodeAstro Membership Management System 1.0 exposes...
High
Unreviewed
CVE-2024-46471
was published
Sep 27, 2024
ProTip!
Advisories are also available from the
GraphQL API