Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

193 advisories

Loading
An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the... Critical Unreviewed
CVE-2024-27113 was published Sep 11, 2024
A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service... Critical Unreviewed
CVE-2024-42019 was published Sep 7, 2024
An authentication bypass vulnerability can allow a low privileged attacker to access the NTLM... Critical Unreviewed
CVE-2024-38650 was published Sep 7, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ariva Computer Accord... Critical Unreviewed
CVE-2024-1744 was published Sep 6, 2024
The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are... Critical Unreviewed
CVE-2024-6633 was published Aug 27, 2024
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to... Critical Unreviewed
CVE-2024-42394 was published Aug 6, 2024
TightVNC (Server for Windows) before 2.8.84 allows attackers to connect to the control pipe via a... Critical Unreviewed
CVE-2024-42049 was published Jul 28, 2024
CWE-200: Information Exposure vulnerability exists that could cause disclosure of credentials... Critical Unreviewed
CVE-2024-6407 was published Jul 11, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Membership Software... Critical Unreviewed
CVE-2024-37113 was published Jul 10, 2024
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported... Critical Unreviewed
CVE-2024-5535 was published Jun 27, 2024
Multiple directory traversal vulnerabilities in the TFTP Server in Distinct Intranet Servers 3.10... Critical Unreviewed
CVE-2012-6664 was published Jun 22, 2024
Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an... Critical Unreviewed
CVE-2024-30300 was published Jun 13, 2024
In lunary-ai/lunary version 1.2.4, an account takeover vulnerability exists due to the exposure... Critical Unreviewed
CVE-2024-5133 was published Jun 6, 2024
FDSK Leak in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows... Critical Unreviewed
CVE-2024-4008 was published Jun 5, 2024
E-WEBInformationCo. FS-EZViewer(Web) exposes sensitive information in the service. A remote... Critical Unreviewed
CVE-2024-4300 was published Apr 29, 2024
An exposure of sensitive information vulnerability has been reported to affect Media Streaming... Critical Unreviewed
CVE-2023-47222 was published Apr 26, 2024
A vulnerability in Brocade SANnav ova versions before Brocade SANnav v2.3.1 and v2.3.0a exposes... Critical Unreviewed
CVE-2024-4173 was published Apr 25, 2024
SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker to execute arbitrary code... Critical Unreviewed
CVE-2024-30922 was published Apr 18, 2024
By knowing an organization's ID, an attacker can join the organization without permission and... Critical Unreviewed
CVE-2024-1643 was published Apr 10, 2024
An issue was discovered in OpenClinic GA 5.247.01. An Unauthenticated File Download vulnerability... Critical Unreviewed
CVE-2023-40276 was published Mar 19, 2024
An issue was discovered in OpenClinic GA 5.247.01. It allows retrieval of patient lists via... Critical Unreviewed
CVE-2023-40275 was published Mar 19, 2024
As a default user on a multi-user instance of AnythingLLM, you could execute a call to the `... Critical Unreviewed
CVE-2024-0765 was published Mar 3, 2024
** UNSUPPORTED WHEN ASSIGNED ** Exposure of Sensitive Information to an Unauthorized Actor... Critical Unreviewed
CVE-2024-27905 was published Feb 27, 2024
DIRAC's TokenManager does not check permissions on cached tokens Critical
CVE-2024-24825 was published for DIRAC (pip) Feb 8, 2024
chaen aldbr
chrisburr
Gradio Exposure of Sensitive Information to an Unauthorized Actor vulnerability Critical
CVE-2023-6572 was published for gradio (pip) Dec 14, 2023
ProTip! Advisories are also available from the GraphQL API