Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

787 advisories

Loading
OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized... High Unreviewed
CVE-2024-8777 was published Sep 16, 2024
Audit records for OpenAPI requests may include sensitive information. This could lead to... High Unreviewed
CVE-2023-6916 was published Apr 10, 2024
In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page Moderate Unreviewed
CVE-2024-47162 was published Sep 19, 2024
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain... Moderate Unreviewed
CVE-2024-39733 was published Jul 14, 2024
The Eaton Foreseer software provides the feasibility for the user to configure external servers... Moderate Unreviewed
CVE-2024-31415 was published Sep 13, 2024
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8,... High Unreviewed
CVE-2024-28981 was published Sep 12, 2024
A series of related high-severity vulnerabilities, the most notable enabling remote code... High Unreviewed
CVE-2024-40710 was published Sep 7, 2024
Credentials to access device configuration information stored unencrypted in flash memory. These... Moderate Unreviewed
CVE-2024-39278 was published Sep 6, 2024
A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub... Critical Unreviewed
CVE-2024-6118 was published Aug 5, 2024
IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive... Moderate Unreviewed
CVE-2024-40704 was published Aug 15, 2024
A vulnerability, which was classified as problematic, has been found in SourceCodester Prison... Moderate Unreviewed
CVE-2024-7813 was published Aug 15, 2024
Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated... High Unreviewed
CVE-2024-39818 was published Aug 14, 2024
A “CWE-256: Plaintext Storage of a Password” affecting the administrative account allows an... Moderate Unreviewed
CVE-2024-3082 was published Jul 31, 2024
IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by... Moderate Unreviewed
CVE-2024-25052 was published Jun 13, 2024
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions ... Moderate Unreviewed
CVE-2024-35208 was published Jun 11, 2024
The Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all... High Unreviewed
CVE-2024-7389 was published Aug 2, 2024
Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access... High Unreviewed
CVE-1999-0013 was published Apr 30, 2022
Insecure storage of the ICT MIFARE and DESFire encryption keys in the firmware binary allows... High Unreviewed
CVE-2024-29941 was published May 7, 2024
An Insecure Credential Management issue discovered in Connectize AC21000 G6 641.139.1.1256 allows... Moderate Unreviewed
CVE-2023-24047 was published Dec 5, 2023
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It performs... High Unreviewed
CVE-2019-20470 was published May 24, 2022
Siklu TG Terragraph devices before 2.1.1 allow attackers to discover valid, randomly generated... High Unreviewed
CVE-2022-47037 was published Mar 18, 2024
An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25. Authentication to the... High Unreviewed
CVE-2020-11925 was published May 24, 2022
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an... High Unreviewed
CVE-2020-29583 was published May 24, 2022
System->Maintenance-> Log Files in dotCMS dashboard is providing the username/password for... Moderate Unreviewed
CVE-2024-3165 was published Apr 2, 2024
Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity... Critical Unreviewed
CVE-2017-9248 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API