GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,300
Erlang: 31
GitHub Actions: 21
Go: 2,069
Maven: 5,000+
npm: 3,744
NuGet: 668
pip: 3,429
Pub: 12
RubyGems: 892
Rust: 880
Swift: 36

Unreviewed advisories
All unreviewed: 5,000+

6,159 advisories

Exposure of Sensitive Information to an Unauthorized Actor vulnerability was discovered in Open...
Moderate | Unreviewed | CVE-2024-12564 was published Dec 12, 2024

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful...
Moderate | Unreviewed | CVE-2024-54117 was published Dec 12, 2024

Vulnerability of improper access control in the album module Impact: Successful exploitation of...
Moderate | Unreviewed | CVE-2024-54103 was published Dec 12, 2024

The Essential Real Estate plugin for WordPress is vulnerable to unauthorized access of data due...
Moderate | Unreviewed | CVE-2024-12329 was published Dec 12, 2024

The Restrict – membership, site, content and user access restrictions for WordPress plugin for...
Moderate | Unreviewed | CVE-2024-11351 was published Dec 11, 2024

The Members – Membership & User Role Editor Plugin plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2024-11008 was published Dec 11, 2024

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and versions below 3.2.462, 3.7.18,...
Moderate | Unreviewed | CVE-2024-53243 was published Dec 10, 2024

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions...
Moderate | Unreviewed | CVE-2024-53244 was published Dec 10, 2024

The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all...
Moderate | Unreviewed | CVE-2024-11106 was published Dec 10, 2024

The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure...
Moderate | Unreviewed | CVE-2024-11292 was published Dec 6, 2024

Access to Archived Argo Workflows with Fake Token in `client` mode
Moderate | CVE-2024-53862 was published for github.com/argoproj/argo-workflows/v3 (Go) Dec 2, 2024

Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts
Moderate | CVE-2024-53858 was published for github.com/cli/cli/v2 (Go) Nov 27, 2024

A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms 3.7. It has been rated...
Moderate | Unreviewed | CVE-2024-11961 was published Nov 28, 2024

The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all...
Moderate | Unreviewed | CVE-2024-11083 was published Nov 27, 2024

The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to...
Moderate | Unreviewed | CVE-2016-6435 was published May 17, 2022

A vulnerability in the management console of Cisco Firepower System Software could allow an...
Moderate | Unreviewed | CVE-2018-0278 was published May 13, 2022

OpenStack Cinder LVMVolumeDriver does not zero deleted snapshots
Moderate | CVE-2013-4183 was published for cinder (pip) May 17, 2022

The Increase Maximum Upload File Size | Increase Execution Time plugin for WordPress is...
Moderate | Unreviewed | CVE-2024-11265 was published Nov 23, 2024

The CTT Expresso para WooCommerce plugin for WordPress is vulnerable to sensitive information...
Moderate | Unreviewed | CVE-2024-6687 was published Aug 1, 2024

The Sky Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure...
Moderate | Unreviewed | CVE-2024-9542 was published Nov 22, 2024

Rancher Helm Applications may have sensitive values leaked
Moderate | CVE-2024-52282 was published for github.com/rancher/rancher (Go) Nov 20, 2024

OpenStack Glance logs user name and password in cleartext
Moderate | CVE-2013-0212 was published for glance (pip) May 5, 2022

Tryton allows users to read the hashed password
Moderate | CVE-2016-1241 was published for trytond (pip) May 17, 2022

Tryton allow authenticated users with certain permissions to read arbitrary files via the name parameter
Moderate | CVE-2016-1242 was published for trytond (pip) May 17, 2022

Clear Text Credentials Exposed via Onboarding Task
Moderate | CVE-2023-48700 was published for nautobot-device-onboarding (pip) Nov 21, 2023