Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

193 advisories

Loading
Key management vulnerability on system. Successful exploitation of this vulnerability may affect... Critical Unreviewed
CVE-2023-3455 was published Jul 5, 2023
Input verification vulnerability in the AMS module. Successful exploitation of this vulnerability... Critical Unreviewed
CVE-2022-48510 was published Jul 6, 2023
HGiga PowerStation has a vulnerability of Information Leakage. An unauthenticated remote attacker... Critical Unreviewed
CVE-2023-24838 was published Jul 6, 2023
An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform ... Critical Unreviewed
CVE-2023-28765 was published Jul 6, 2023
tss-lib leaks secret keys in response to incorrectly constructed Paillier moduli Critical
GHSA-h24c-6p6p-m3vx was published for github.com/bnb-chain/tss-lib (Go) Sep 1, 2023
Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which... Critical Unreviewed
CVE-2023-0925 was published Sep 6, 2023
Argo CD cluster secret might leak in cluster details page Critical
CVE-2023-40029 was published for github.com/argoproj/argo-cd/v2 (Go) Sep 11, 2023
alexmt
SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430,... Critical Unreviewed
CVE-2023-40622 was published Sep 13, 2023
SQLpage vulnerable to public exposure of database credentials Critical
CVE-2023-42454 was published for sqlpage (Rust) Sep 21, 2023
Cache poisoning in drupal/core Critical
CVE-2023-5256 was published for drupal/core (Composer) Sep 28, 2023
westonsteimel
Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker to read from and write to... Critical Unreviewed
CVE-2023-5642 was published Oct 18, 2023
The Migration, Backup, Staging - WPvivid plugin for WordPress is vulnerable to Sensitive... Critical Unreviewed
CVE-2023-5576 was published Oct 20, 2023
Json response for search reveals Solr credentials Critical
GHSA-v6xp-ccvx-w52m was published for ibexa/solr (Composer) Nov 3, 2023
Json response for search reveals Solr credentials Critical
GHSA-7crc-r3wg-cfgf was published for ezsystems/ezplatform-solr-search-engine (Composer) Nov 3, 2023
Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens Critical
CVE-2023-43791 was published for label-studio (pip) Nov 9, 2023
alex-elttam Robbilie
A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 older allows a threat actor with... Critical Unreviewed
CVE-2023-39337 was published Nov 15, 2023
An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1.... Critical Unreviewed
CVE-2023-49103 was published Nov 22, 2023
The Syrus4 IoT gateway utilizes an unsecured MQTT server to download and execute arbitrary... Critical Unreviewed
CVE-2023-6248 was published Nov 22, 2023
Gradio Exposure of Sensitive Information to an Unauthorized Actor vulnerability Critical
CVE-2023-6572 was published for gradio (pip) Dec 14, 2023
DIRAC's TokenManager does not check permissions on cached tokens Critical
CVE-2024-24825 was published for DIRAC (pip) Feb 8, 2024
chaen aldbr
chrisburr
** UNSUPPORTED WHEN ASSIGNED ** Exposure of Sensitive Information to an Unauthorized Actor... Critical Unreviewed
CVE-2024-27905 was published Feb 27, 2024
As a default user on a multi-user instance of AnythingLLM, you could execute a call to the `... Critical Unreviewed
CVE-2024-0765 was published Mar 3, 2024
An issue was discovered in OpenClinic GA 5.247.01. An Unauthenticated File Download vulnerability... Critical Unreviewed
CVE-2023-40276 was published Mar 19, 2024
An issue was discovered in OpenClinic GA 5.247.01. It allows retrieval of patient lists via... Critical Unreviewed
CVE-2023-40275 was published Mar 19, 2024
By knowing an organization's ID, an attacker can join the organization without permission and... Critical Unreviewed
CVE-2024-1643 was published Apr 10, 2024
ProTip! Advisories are also available from the GraphQL API