Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

282 advisories

Loading
OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized... High Unreviewed
CVE-2024-8777 was published Sep 16, 2024
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8,... High Unreviewed
CVE-2024-28981 was published Sep 12, 2024
A series of related high-severity vulnerabilities, the most notable enabling remote code... High Unreviewed
CVE-2024-40710 was published Sep 7, 2024
Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated... High Unreviewed
CVE-2024-39818 was published Aug 14, 2024
The Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all... High Unreviewed
CVE-2024-7389 was published Aug 2, 2024
The Avalara for Salesforce CPQ app before 7.0 for Salesforce allows attackers to read an API key.... High Unreviewed
CVE-2024-38453 was published Jul 3, 2024
The webserver utilizes basic authentication for its user login to the configuration interface. As... High Unreviewed
CVE-2023-41926 was published Jul 2, 2024
Insufficiently protected credentials in GE HealthCare EchoPAC products High Unreviewed
CVE-2024-27109 was published May 14, 2024
Insecure storage of the ICT MIFARE and DESFire encryption keys in the firmware binary allows... High Unreviewed
CVE-2024-29941 was published May 7, 2024
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to escalate their privileges due... High Unreviewed
CVE-2023-37400 was published Apr 19, 2024
Audit records for OpenAPI requests may include sensitive information. This could lead to... High Unreviewed
CVE-2023-6916 was published Apr 10, 2024
A insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0... High Unreviewed
CVE-2023-41677 was published Apr 9, 2024
Siklu TG Terragraph devices before 2.1.1 allow attackers to discover valid, randomly generated... High Unreviewed
CVE-2022-47037 was published Mar 18, 2024
CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized... High Unreviewed
CVE-2023-27975 was published Feb 14, 2024
Networker 19.9 and all prior versions contains a Plain-text Password stored in temporary config... High Unreviewed
CVE-2024-22432 was published Jan 25, 2024
The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords,... High Unreviewed
CVE-2023-6421 was published Jan 1, 2024
Exposure of Proxy Administrator Credentials An authenticated administrator equivalent Filr user... High Unreviewed
CVE-2023-32268 was published Dec 6, 2023
A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text... High Unreviewed
CVE-2023-6254 was published Nov 27, 2023
RVTools, Version 3.9.2 and above, contain a sensitive data exposure vulnerability in the... High Unreviewed
CVE-2023-44303 was published Nov 24, 2023
Incorrect access control in writercms v1.1.0 allows attackers to directly obtain backend account... High Unreviewed
CVE-2023-43905 was published Oct 26, 2023
A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers... High Unreviewed
CVE-2023-5552 was published Oct 18, 2023
BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to... High Unreviewed
CVE-2022-44757 was published Oct 11, 2023
On boot, the Pillar eve container checks for the existence and content of “/config... High Unreviewed
CVE-2023-43631 was published Sep 21, 2023
On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig... High Unreviewed
CVE-2023-43633 was published Sep 21, 2023
When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are... High Unreviewed
CVE-2023-43634 was published Sep 21, 2023
ProTip! Advisories are also available from the GraphQL API