GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
261 advisories
The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some...
Moderate · Unreviewed · CVE-2024-13185 was published Jan 8, 2025

The health module has insufficient restrictions on loading URLs, which may lead to some...
Moderate · Unreviewed · CVE-2024-13173 was published Jan 8, 2025

The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some...
Moderate · Unreviewed · CVE-2024-13186 was published Jan 8, 2025

Sensitive information disclosure due to missing authentication. The following products are...
Moderate · Unreviewed · CVE-2024-55538 was published Jan 2, 2025

OctoPrint has API key access in settings without reauthentication
Moderate · CVE-2024-51493 was published for OctoPrint (pip) Nov 5, 2024

The wifi module exposes the interface and has improper permission control, leaking sensitive...
Moderate · Unreviewed · CVE-2021-26278 was published Dec 17, 2024

When using special mode to connect to enterprise wifi, certain options are not properly...
Moderate · Unreviewed · CVE-2020-12484 was published Dec 17, 2024

Admin authentication can be bypassed with some specific invalid credentials, which allows logging...
Moderate · Unreviewed · CVE-2024-33616 was published Nov 26, 2024

Synapse's unauthenticated writes to the media repository allow planting of problematic content
Moderate · CVE-2024-37303 was published for matrix-synapse (pip) Dec 3, 2024

Insyde IHISI function 0x49 can restore factory defaults for certain UEFI variables without...
Moderate · Unreviewed · CVE-2024-39707 was published Nov 15, 2024

An unauthenticated attacker within BLE proximity can remotely connect to a 7-Eleven LED Message...
Moderate · Unreviewed · CVE-2023-34761 was published Jun 28, 2023

Improper control of framework service permissions with possibility of some sensitive device...
Moderate · Unreviewed · CVE-2020-12491 was published Nov 25, 2024

Missing authentication for critical function vulnerability exists in Rakuten Turbo 5G firmware...
Moderate · Unreviewed · CVE-2024-47865 was published Nov 20, 2024

Mautic has insufficient authentication in upgrade flow
Moderate · CVE-2024-47051 was published for mautic/core (Composer) Sep 18, 2024

A low privileged remote attacker may modify the docker settings setup of the device, leading to a...
Moderate · Unreviewed · CVE-2024-41968 was published Nov 18, 2024

Missing permission check in Jenkins Script Security Plugin
Moderate · CVE-2024-52549 was published for org.jenkins-ci.plugins:script-security (Maven) Nov 13, 2024

A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4...
Moderate · Unreviewed · CVE-2024-26011 was published Nov 12, 2024

The vulnerability allows an attacker to bypass the authentication requirements for a specific PAM...
Moderate · Unreviewed · CVE-2024-36457 was published Jul 15, 2024

An issue was discovered in Logpoint before 7.5.0. SOAR uses a static JWT secret key to generate...
Moderate · Unreviewed · CVE-2024-48952 was published Nov 7, 2024

Improper authentication vulnerability exists in multiple printers and scanners which implement...
Moderate · Unreviewed · CVE-2024-21824 was published Mar 18, 2024

The LSC Smart Connect Indoor IP Camera V7.6.32 is vulnerable to an information disclosure issue...
Moderate · Unreviewed · CVE-2024-51362 was published Nov 5, 2024

Internet passwords stored in Person documents in the Domino® Directory created using the "Add...
Moderate · Unreviewed · CVE-2023-37495 was published Feb 29, 2024

A user with device administrative privileges can change existing SMTP server settings on the...
Moderate · Unreviewed · CVE-2024-5143 was published May 23, 2024

The Get Quote For Woocommerce – Request A Quote For Woocommerce plugin for WordPress is...
Moderate · Unreviewed · CVE-2024-9430 was published Oct 31, 2024

Incorrect access control in Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA...
Moderate · Unreviewed · CVE-2024-48442 was published Oct 24, 2024