GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
994 advisories
An information disclosure vulnerability in GitLab CE/EE in project/group exports affecting all...
Low
Unreviewed
CVE-2024-7060
was published
Jul 25, 2024
Private tokens could appear in logs if context containing gRPC metadata is logged in github.com/grpc/grpc-go
Low
GHSA-xr7q-jx4m-x55m
was published
for
google.golang.org/grpc
(Go)
Jul 5, 2024
Container build can leak any path on the host into the container
Low
GHSA-vp35-85q5-9f25
was published
for
github.com/docker/docker
(Go)
Nov 11, 2022
Under certain circumstances, when the controller is in factory reset mode waiting for initial...
Low
Unreviewed
CVE-2024-32754
was published
Jul 4, 2024
Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to properly sanitize the recipients of a...
Low
Unreviewed
CVE-2024-39807
was published
Jul 3, 2024
Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to sanitize the RemoteClusterFrame payloads...
Low
Unreviewed
CVE-2024-39353
was published
Jul 3, 2024
An issue was discovered in a third-party component related to vendor.gsm.serial, shipped on...
Low
Unreviewed
CVE-2023-38301
was published
Apr 22, 2024
Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially...
Low
Unreviewed
CVE-2023-24069
was published
Jan 23, 2023
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to obtain...
Low
Unreviewed
CVE-2016-3351
was published
May 14, 2022
udn News Android APP stores the user session in logcat file when user log into the APP. A...
Low
Unreviewed
CVE-2024-6294
was published
Jun 25, 2024
On Unix, SAP BusinessObjects Business Intelligence Platform (Scheduling) allows an authenticated...
Low
Unreviewed
CVE-2024-34684
was published
Jun 11, 2024
Password hash exposed in CraftCMS two factor authentication plugin
Low
CVE-2024-5657
was published
for
born05/craft-twofactorauthentication
(Composer)
Jun 6, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in All In One WP...
Low
Unreviewed
CVE-2023-52147
was published
Jun 4, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in David Vongries...
Low
Unreviewed
CVE-2023-49822
was published
Jun 4, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPServeur,...
Low
Unreviewed
CVE-2023-49748
was published
Jun 4, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in LWS LWS Hide Login...
Low
Unreviewed
CVE-2023-47818
was published
Jun 4, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Webcraftic Hide login...
Low
Unreviewed
CVE-2023-48335
was published
Jun 4, 2024
VeeamVixProxy in Veeam Backup & Replication (B&R) before 8.0 update 3 stores local administrator...
Low
Unreviewed
CVE-2015-5742
was published
May 14, 2022
Grafana Forward OAuth Identity Token can allow users to access some data sources
Low
CVE-2022-21673
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
OpenStack Glance is vulnerable to Exposure of Sensitive Information
Low
CVE-2013-1840
was published
for
glance
(pip)
May 17, 2022
OpenStack Oslo utility sensitive information exposure via log files
Low
CVE-2014-7231
was published
for
oslo.utils
(pip)
May 14, 2022
Openstack nova qcow format could expose host filesystem information
Low
CVE-2011-3147
was published
for
nova
(pip)
Apr 22, 2022
OpenStack Nova can leak consoleauth token into log files
Low
CVE-2015-9543
was published
for
Nova
(pip)
May 24, 2022
Kimai information disclosure vulnerability
Low
CVE-2024-4596
was published
for
kimai/kimai
(Composer)
May 7, 2024
Undici proxy-authorization header not cleared on cross-origin redirect in fetch
Low
CVE-2024-24758
was published
for
undici
(npm)
Feb 16, 2024
ProTip! Advisories are also available from the GraphQL API.