Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,939
Maven
5,000+
npm
3,677
NuGet
643
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

8,869 advisories

Loading
A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically... High Unreviewed
CVE-2024-5124 was published Jun 6, 2024
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to... Moderate Unreviewed
CVE-2020-36289 was published May 24, 2022
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BogdanFix WP SendFox... Moderate Unreviewed
CVE-2024-49284 was published Oct 17, 2024
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes... Moderate Unreviewed
CVE-2024-45739 was published Oct 14, 2024
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes... Moderate Unreviewed
CVE-2024-45738 was published Oct 14, 2024
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information... Moderate Unreviewed
CVE-2024-7417 was published Oct 17, 2024
python-keystoneclient unsecure user password update Low
CVE-2013-2013 was published for python-keystoneclient (pip) May 17, 2022
Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec High
CVE-2024-22032 was published for github.com/rancher/rancher (Go) Jun 17, 2024
Jberet: jberet-core logging database credentials Moderate
CVE-2024-1102 was published for org.jberet:jberet-core (Maven) Apr 25, 2024
The Danfoss AK-EM100 web applications allow for Local File Inclusion in the file parameter. High Unreviewed
CVE-2023-22586 was published Jun 11, 2023
The webreport generation feature in the Danfoss AK-EM100 allows an unauthorized actor to generate... Moderate Unreviewed
CVE-2023-25912 was published Jun 11, 2023
The Sina Extension for Elementor plugin for WordPress is vulnerable to Sensitive Information... Moderate Unreviewed
CVE-2024-9540 was published Oct 16, 2024
The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in... Moderate Unreviewed
CVE-2017-20194 was published Oct 16, 2024
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to sensitive... Moderate Unreviewed
CVE-2020-36835 was published Oct 16, 2024
open-webui allows enumeration of file names and traversal of directories by observing the error messages Low
CVE-2024-7038 was published for open-webui (pip) Oct 9, 2024
Apache Tomcat allows remote attackers to read data that was intended to be associated with a different request High
CVE-2016-8747 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
Malicious homeservers can steal message keys when the matrix-react-sdk user invites another user to a room High
CVE-2024-47824 was published for matrix-react-sdk (npm) Oct 15, 2024
dkasak
Matrix JavaScript SDK's key history sharing could share keys to malicious devices High
CVE-2024-47080 was published for matrix-js-sdk (npm) Oct 15, 2024
dkasak
Plone Filesystem path information leak Moderate
CVE-2013-7060 was published for Products.CMFPlone (pip) May 17, 2022
Plone is vulnerable to Information Exposure when generating zip archives Moderate
CVE-2013-4191 was published for plone (pip) May 17, 2022
Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 ... Moderate Unreviewed
CVE-2024-6747 was published Oct 10, 2024
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable... Moderate Unreviewed
CVE-2024-6757 was published Oct 15, 2024
The WPIDE – File Manager & Code Editor plugin for WordPress is vulnerable to Full Path Disclosure... Moderate Unreviewed
CVE-2024-9546 was published Oct 15, 2024
Exposure of Sensitive Information in Plone Moderate
CVE-2012-5508 was published for Plone (pip) May 17, 2022
Plone User account enumeration via crafted URL Moderate
CVE-2012-5497 was published for plone (pip) May 17, 2022
tdunlap607
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database