GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
57 advisories
RuoYi allowed unauthorized attackers to view the session ID of the admin in the system monitoring
High | CVE-2024-57436 was published for com.ruoyi:ruoyi (Maven) Jan 29, 2025
An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a...
High | Unreviewed | CVE-2024-57546 was published Jan 28, 2025
Windows Kerberos Security Feature Bypass Vulnerability
High | Unreviewed | CVE-2025-21299 was published Jan 14, 2025
An access control issue in the component /square/getAllSquare/circle of iceCMS v2.2.0 allows...
High | Unreviewed | CVE-2025-22983 was published Jan 14, 2025
An access control issue in the component /api/squareComment/DelectSquareById of iceCMS v2.2.0...
High | Unreviewed | CVE-2025-22984 was published Jan 14, 2025
Smart Toilet Lab - Motius 1.3.11 is running with debug mode turned on (DEBUG = True) and exposing...
High | Unreviewed | CVE-2024-56113 was published Jan 9, 2025
Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack...
High | Unreviewed | CVE-2024-37144 was published Dec 10, 2024
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could enable an attacker to...
High | Unreviewed | CVE-2024-47043 was published Dec 6, 2024
Insufficient validation performed on the REST API License file in Paxton Net2 before 6.07.14023...
High | Unreviewed | CVE-2024-48939 was published Nov 11, 2024
The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for...
High | Unreviewed | CVE-2024-10028 was published Nov 6, 2024
Yealink Meeting Server before V26.0.0.67 is vulnerable to sensitive data exposure in the server...
High | Unreviewed | CVE-2024-48352 was published Nov 1, 2024
Yealink Meeting Server before V26.0.0.67 allows attackers to obtain static key information from a...
High | Unreviewed | CVE-2024-48353 was published Nov 1, 2024
An issue in Ruijie NBR3000D-E Gateway allows a remote attacker to obtain sensitive information...
High | Unreviewed | CVE-2024-48783 was published Oct 15, 2024
An issue in Plug n Play Camera com.wisdomcity.zwave 1.1.0 allows a remote attacker to obtain...
High | Unreviewed | CVE-2024-48770 was published Oct 11, 2024
An issue was discovered in Atos Eviden SMC xScale before 1.6.6. During initialization of nodes,...
High | Unreviewed | CVE-2024-42018 was published Oct 11, 2024
A vulnerability has been discovered in all versions of Smartplay headunits, which are widely used...
High | Unreviewed | CVE-2024-39339 was published Sep 18, 2024
Keycloak exposes sensitive information in Pushed Authorization Requests (PAR)
High | CVE-2024-4540 was published for org.keycloak:keycloak-services (Maven) Jun 10, 2024
An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a...
High | Unreviewed | CVE-2024-22808 was published Apr 22, 2024
An information disclosure vulnerability exists in Brocade SANnav before v2.3.1 and v2.3.0a when...
High | Unreviewed | CVE-2024-29968 was published Apr 19, 2024
This issue was addressed through improved state management. This issue is fixed in macOS Sonoma...
High | Unreviewed | CVE-2023-42913 was published Mar 28, 2024
The encrypted subject of an email message could be incorrectly and permanently assigned to an...
High | Unreviewed | CVE-2024-1936 was published Mar 5, 2024
Missing permission checks on Hazelcast client protocol
High | CVE-2023-45859 was published for com.hazelcast:hazelcast (Maven) Feb 27, 2024
ExpressVPN before 12.73.0 on Windows, when split tunneling is used, sends DNS requests according...
High | Unreviewed | CVE-2024-25728 was published Feb 12, 2024
Intelbras Roteador ACtion RF 1200 1.2.2 exposes the Password in Cookie resulting in Login Bypass.
High | Unreviewed | CVE-2024-22773 was published Feb 6, 2024
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to...
High | Unreviewed | CVE-2023-45182 was published Dec 14, 2023