GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,616 advisories
Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability
[High] CVE-2023-51437 was published for org.apache.pulsar:pulsar-broker-auth-sasl (Maven) Feb 7, 2024

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in InstaWP Team InstaWP...
[High] [Unreviewed] CVE-2024-23506 was published Jan 27, 2024

Any authenticated user may obtain private message details from other users on the same instance
[High] CVE-2024-23649 was published for lemmy_server (Rust) Jan 24, 2024

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SNP Digital SalesKing...
[High] [Unreviewed] CVE-2024-22154 was published Jan 24, 2024

Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem
[High] CVE-2024-23331 was published for vite (npm) Jan 19, 2024

JupyterLab vulnerable to potential authentication and CSRF tokens leak
[High] CVE-2024-22421 was published for jupyterlab (pip) Jan 19, 2024

Out-of-bounds access vulnerability in the device authentication module. Successful exploitation...
[High] [Unreviewed] CVE-2023-44112 was published Jan 16, 2024

The "tokenKey" value used in user authorization is visible in the HTML source of the login page.
[High] [Unreviewed] CVE-2023-49261 was published Jan 12, 2024

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Swings Coupon...
[High] [Unreviewed] CVE-2023-52190 was published Jan 8, 2024

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Naa986 WP Stripe...
[High] [Unreviewed] CVE-2023-52143 was published Jan 5, 2024

@backstage/backend-app-api leaks GitLab access tokens
[High] CVE-2023-6944 was published for @backstage/backend-app-api (npm) Jan 4, 2024

There is a possible information disclosure due to a missing permission check. This could lead to...
[High] [Unreviewed] CVE-2023-4164 was published Jan 3, 2024

Tencent tdsqlpcloud through 1.8.5 allows unauthenticated remote attackers to discover database...
[High] [Unreviewed] CVE-2023-52286 was published Dec 31, 2023

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange...
[High] [Unreviewed] CVE-2022-44589 was published Dec 29, 2023

Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when...
[High] [Unreviewed] CVE-2023-50968 was published Dec 26, 2023

Sensitive data was added to our public-facing knowledgebase that, if exploited, could be used to...
[High] [Unreviewed] CVE-2023-40058 was published Dec 21, 2023

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HM Plugin WordPress...
[High] [Unreviewed] CVE-2023-48288 was published Dec 21, 2023

A potential security vulnerability has been identified with HP-UX System Management Homepage ...
[High] [Unreviewed] CVE-2023-50271 was published Dec 17, 2023

Solr search discloses password hashes of all users
[High] CVE-2023-50719 was published for org.xwiki.platform:xwiki-platform-search-solr-api (Maven) Dec 16, 2023

Potential CSV export data leak
[High] CVE-2023-50448 was published for activeadmin (RubyGems) Dec 15, 2023

An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version...
[High] [Unreviewed] CVE-2023-0248 was published Dec 14, 2023

Dell vApp Manager, versions prior to 9.2.4.x contain an information disclosure vulnerability. A...
[High] [Unreviewed] CVE-2023-48671 was published Dec 14, 2023

SAP GUI for Windows and SAP GUI for Java - versions SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757,...
[High] [Unreviewed] CVE-2023-49580 was published Dec 12, 2023

Microweber allows a remote attacker to obtain sensitive information via the HTTP GET method
[High] CVE-2023-48122 was published for microweber/microweber (Composer) Dec 8, 2023

github.com/ecies/go vulnerable to possible private key restoration
[High] CVE-2023-49292 was published for github.com/ecies/go/v2 (Go) Dec 5, 2023

ProTip! Advisories are also available from the GraphQL API