GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
988 advisories
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in LWS LWS Hide Login...
Low | Unreviewed | CVE-2023-47818 was published | Jun 4, 2024

Grafana Forward OAuth Identity Token can allow users to access some data sources
Low | CVE-2022-21673 was published for github.com/grafana/grafana (Go) | May 14, 2024

Kimai information disclosure vulnerability
Low | CVE-2024-4596 was published for kimai/kimai (Composer) | May 7, 2024

An issue was discovered in a third-party component related to vendor.gsm.serial, shipped on...
Low | Unreviewed | CVE-2023-38301 was published | Apr 22, 2024

HCL Connections contains a user enumeration vulnerability. Certain actions could allow an...
Low | Unreviewed | CVE-2024-23557 was published | Apr 18, 2024

A vulnerability classified as problematic has been found in Zhejiang Land Zongheng Network...
Low | Unreviewed | CVE-2024-3689 was published | Apr 12, 2024

Kopia: Storage connection credentials written to console on "repository status" CLI command with JSON output
Low | GHSA-j5vm-7qcc-2wwg was published for github.com/kopia/kopia (Go) | Apr 10, 2024

Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline
Low | CVE-2024-30260 was published for undici (npm) | Apr 4, 2024

Unauthenticated views may expose information to anonymous users
Low | CVE-2024-29199 was published for nautobot (pip) | Mar 26, 2024

In Quarkus, git credentials could be inadvertently published
Low | CVE-2024-1979 was published for io.quarkus:quarkus-kubernetes-deployment (Maven) | Mar 13, 2024

Potential leakage of Sentry auth tokens by React Native SDK with Expo plugin
Low | GHSA-68c2-4mpx-qh95 was published for @sentry/react-native (npm) | Mar 1, 2024

Mattermost incorrectly allows access individual posts
Low | CVE-2024-1952 was published for github.com/mattermost/mattermost/server/v8 (Go) | Feb 29, 2024

Mattermost race condition
Low | CVE-2024-1949 was published for github.com/mattermost/mattermost/server/v8 (Go) | Feb 29, 2024

Sensitive information disclosure due to excessive collection of system information. The following...
Low | Unreviewed | CVE-2023-48680 was published | Feb 27, 2024

Apache Camel data exposure vulnerability
Low | CVE-2024-22371 was published for org.apache.camel:camel-core (Maven) | Feb 26, 2024

Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management...
Low | Unreviewed | CVE-2024-1591 was published | Feb 16, 2024

Undici proxy-authorization header not cleared on cross-origin redirect in fetch
Low | CVE-2024-24758 was published for undici (npm) | Feb 16, 2024

An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a...
Low | Unreviewed | CVE-2023-5081 was published | Jan 19, 2024

A vulnerability classified as problematic has been found in Beijing Baichuo Smart S150 Management...
Low | Unreviewed | CVE-2024-0716 was published | Jan 19, 2024

IBM QRadar SIEM 7.5 could disclose sensitive email information in responses from offense rules. ...
Low | Unreviewed | CVE-2023-50950 was published | Jan 17, 2024

A vulnerability was found in code-projects Dormitory Management System 1.0. It has been rated as...
Low | Unreviewed | CVE-2024-0472 was published | Jan 13, 2024

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Engine Advanced...
Low | Unreviewed | CVE-2022-40696 was published | Jan 9, 2024

Unauthenticated db-file-storage views
Low | CVE-2023-50263 was published for nautobot (pip) | Dec 13, 2023

Brute force exploit can be used to collect valid usernames
Low | CVE-2023-49278 was published for Umbraco.CMS (NuGet) | Dec 13, 2023
ProTip! Advisories are also available from the GraphQL API.