Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,939
Maven
5,000+
npm
3,677
NuGet
643
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

8,869 advisories

Loading
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BogdanFix WP SendFox... Moderate Unreviewed
CVE-2024-49284 was published Oct 17, 2024
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information... Moderate Unreviewed
CVE-2024-7417 was published Oct 17, 2024
The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in... Moderate Unreviewed
CVE-2017-20194 was published Oct 16, 2024
The Sina Extension for Elementor plugin for WordPress is vulnerable to Sensitive Information... Moderate Unreviewed
CVE-2024-9540 was published Oct 16, 2024
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to sensitive... Moderate Unreviewed
CVE-2020-36835 was published Oct 16, 2024
Malicious homeservers can steal message keys when the matrix-react-sdk user invites another user to a room High
CVE-2024-47824 was published for matrix-react-sdk (npm) Oct 15, 2024
dkasak
Matrix JavaScript SDK's key history sharing could share keys to malicious devices High
CVE-2024-47080 was published for matrix-js-sdk (npm) Oct 15, 2024
dkasak
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable... Moderate Unreviewed
CVE-2024-6757 was published Oct 15, 2024
The WPIDE – File Manager & Code Editor plugin for WordPress is vulnerable to Full Path Disclosure... Moderate Unreviewed
CVE-2024-9546 was published Oct 15, 2024
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes... Moderate Unreviewed
CVE-2024-45739 was published Oct 14, 2024
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes... Moderate Unreviewed
CVE-2024-45738 was published Oct 14, 2024
The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure... Moderate Unreviewed
CVE-2024-8902 was published Oct 12, 2024
The Bot for Telegram on WooCommerce plugin for WordPress is vulnerable to sensitive information... High Unreviewed
CVE-2024-9821 was published Oct 12, 2024
An information disclosure vulnerability was identified in GitHub Enterprise Server via attacker... Moderate Unreviewed
CVE-2024-9539 was published Oct 11, 2024
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the command-line... Moderate Unreviewed
CVE-2024-39527 was published Oct 11, 2024
The ShopLentor plugin for WordPress is vulnerable to Sensitive Information Exposure in all... Moderate Unreviewed
CVE-2024-9538 was published Oct 11, 2024
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu,... Moderate Unreviewed
CVE-2024-8913 was published Oct 11, 2024
Gradio has several components with post-process steps allow arbitrary file leaks Moderate
CVE-2024-47868 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
Magento Open Source Information Exposure vulnerability Moderate
CVE-2024-45134 was published for magento/community-edition (Composer) Oct 10, 2024
Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 ... Moderate Unreviewed
CVE-2024-6747 was published Oct 10, 2024
HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user... Low Unreviewed
CVE-2024-30118 was published Oct 9, 2024
open-webui allows enumeration of file names and traversal of directories by observing the error messages Low
CVE-2024-7038 was published for open-webui (pip) Oct 9, 2024
Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a... High Unreviewed
CVE-2024-43610 was published Oct 9, 2024
Microsoft Office Spoofing Vulnerability Moderate Unreviewed
CVE-2024-43609 was published Oct 8, 2024
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in... Low Unreviewed
CVE-2024-33506 was published Oct 8, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database