Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,170
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

6,094 advisories

Loading
A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection... Moderate Unreviewed
CVE-2024-50312 was published Oct 22, 2024
Incorrect Authorization and Exposure of Sensitive Information to an Unauthorized Actor in scrapy Moderate
CVE-2022-0577 was published for scrapy (pip) Mar 1, 2022
ranjit-git
The News Kit Elementor Addons plugin for WordPress is vulnerable to Sensitive Information... Moderate Unreviewed
CVE-2024-9541 was published Oct 22, 2024
The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Sensitive... Moderate Unreviewed
CVE-2024-8852 was published Oct 22, 2024
Exposure of Sensitive Information to an Unauthorized Actor in Requests Moderate
CVE-2014-1830 was published for requests (pip) May 14, 2022
salt leaks git usernames and passwords to the log Moderate
CVE-2015-6918 was published for salt (pip) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark Moderate
CVE-2018-1334 was published for org.apache.spark:spark-core_2.10 (Maven) Mar 14, 2019
Exposure of Sensitive Information to an Unauthorized Actor in Products.GenericSetup Moderate
CVE-2021-21360 was published for Products.GenericSetup (pip) Mar 9, 2021
chutchut
A compromised IPC child process can escape the content sandbox and list the names of arbitrary... Moderate Unreviewed
CVE-2018-12365 was published May 14, 2022
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers... Moderate Unreviewed
CVE-2016-5265 was published May 13, 2022
The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Sensitive... Moderate Unreviewed
CVE-2024-9889 was published Oct 19, 2024
Plone is vulnerable to information exposure via the object manager implementation Moderate
CVE-2013-4196 was published for plone (pip) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ignazio Scimone Albo... Moderate Unreviewed
CVE-2024-22301 was published Jan 24, 2024
Plone vulnerable to unauthorized disclosure of site content Moderate
CVE-2016-4042 was published for Plone (pip) May 17, 2022
Plone is vulnerable to File System Path Exposure Moderate
CVE-2013-4194 was published for plone (pip) May 17, 2022
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to... Moderate Unreviewed
CVE-2020-36289 was published May 24, 2022
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BogdanFix WP SendFox... Moderate Unreviewed
CVE-2024-49284 was published Oct 17, 2024
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes... Moderate Unreviewed
CVE-2024-45739 was published Oct 14, 2024
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes... Moderate Unreviewed
CVE-2024-45738 was published Oct 14, 2024
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information... Moderate Unreviewed
CVE-2024-7417 was published Oct 17, 2024
Jberet: jberet-core logging database credentials Moderate
CVE-2024-1102 was published for org.jberet:jberet-core (Maven) Apr 25, 2024
The webreport generation feature in the Danfoss AK-EM100 allows an unauthorized actor to generate... Moderate Unreviewed
CVE-2023-25912 was published Jun 11, 2023
The Sina Extension for Elementor plugin for WordPress is vulnerable to Sensitive Information... Moderate Unreviewed
CVE-2024-9540 was published Oct 16, 2024
The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in... Moderate Unreviewed
CVE-2017-20194 was published Oct 16, 2024
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to sensitive... Moderate Unreviewed
CVE-2020-36835 was published Oct 16, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database