GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
8,869 advisories
A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically...
High, Unreviewed. CVE-2024-5124 was published on Jun 6, 2024

Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to...
Moderate, Unreviewed. CVE-2020-36289 was published on May 24, 2022

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BogdanFix WP SendFox...
Moderate, Unreviewed. CVE-2024-49284 was published on Oct 17, 2024

In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes...
Moderate, Unreviewed. CVE-2024-45739 was published on Oct 14, 2024

In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes...
Moderate, Unreviewed. CVE-2024-45738 was published on Oct 14, 2024

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information...
Moderate, Unreviewed. CVE-2024-7417 was published on Oct 17, 2024

python-keystoneclient unsecure user password update
Low. CVE-2013-2013 was published for python-keystoneclient (pip) on May 17, 2022

Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec
High. CVE-2024-22032 was published for github.com/rancher/rancher (Go) on Jun 17, 2024

Jberet: jberet-core logging database credentials
Moderate. CVE-2024-1102 was published for org.jberet:jberet-core (Maven) on Apr 25, 2024

The Danfoss AK-EM100 web applications allow for Local File Inclusion in the file parameter.
High, Unreviewed. CVE-2023-22586 was published on Jun 11, 2023

The webreport generation feature in the Danfoss AK-EM100 allows an unauthorized actor to generate...
Moderate, Unreviewed. CVE-2023-25912 was published on Jun 11, 2023

The Sina Extension for Elementor plugin for WordPress is vulnerable to Sensitive Information...
Moderate, Unreviewed. CVE-2024-9540 was published on Oct 16, 2024

The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in...
Moderate, Unreviewed. CVE-2017-20194 was published on Oct 16, 2024

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to sensitive...
Moderate, Unreviewed. CVE-2020-36835 was published on Oct 16, 2024

open-webui allows enumeration of file names and traversal of directories by observing the error messages
Low. CVE-2024-7038 was published for open-webui (pip) on Oct 9, 2024

Apache Tomcat allows remote attackers to read data that was intended to be associated with a different request
High. CVE-2016-8747 was published for org.apache.tomcat:tomcat (Maven) on May 14, 2022

Malicious homeservers can steal message keys when the matrix-react-sdk user invites another user to a room
High. CVE-2024-47824 was published for matrix-react-sdk (npm) on Oct 15, 2024

Matrix JavaScript SDK's key history sharing could share keys to malicious devices
High. CVE-2024-47080 was published for matrix-js-sdk (npm) on Oct 15, 2024

Plone Filesystem path information leak
Moderate. CVE-2013-7060 was published for Products.CMFPlone (pip) on May 17, 2022

Plone is vulnerable to Information Exposure when generating zip archives
Moderate. CVE-2013-4191 was published for plone (pip) on May 17, 2022

Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 ...
Moderate, Unreviewed. CVE-2024-6747 was published on Oct 10, 2024

The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable...
Moderate, Unreviewed. CVE-2024-6757 was published on Oct 15, 2024

The WPIDE – File Manager & Code Editor plugin for WordPress is vulnerable to Full Path Disclosure...
Moderate, Unreviewed. CVE-2024-9546 was published on Oct 15, 2024

Exposure of Sensitive Information in Plone
Moderate. CVE-2012-5508 was published for Plone (pip) on May 17, 2022

Plone User account enumeration via crafted URL
Moderate. CVE-2012-5497 was published for plone (pip) on May 17, 2022

ProTip! Advisories are also available from the GraphQL API.