Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,768
Erlang
35
GitHub Actions
29
Go
2,332
Maven
5,000+
npm
3,965
NuGet
713
pip
3,748
Pub
12
RubyGems
921
Rust
975
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,791 advisories

Loading
A privacy issue was addressed by removing sensitive data. This issue is fixed in Xcode 16. An... High Unreviewed
CVE-2024-40862 was published Sep 17, 2024
A privacy issue was addressed with improved private data redaction for log entries. This issue is... High Unreviewed
CVE-2024-44152 was published Sep 17, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Yordam Information... High Unreviewed
CVE-2024-6406 was published Sep 18, 2024
Camaleon CMS vulnerable to arbitrary path traversal (GHSL-2024-183) High
CVE-2024-46987 was published for camaleon_cms (RubyGems) Sep 18, 2024
texpert
ZITADEL Allows Unauthorized Access After Organization or Project Deactivation High
CVE-2024-47060 was published for github.com/zitadel/zitadel/v2 (Go) Sep 19, 2024
prdp1137 livio-a
fforootd
The Directory Listing in /uploads/ Folder in CodeAstro Membership Management System 1.0 exposes... High Unreviewed
CVE-2024-46471 was published Sep 27, 2024
RestrictedPython information leakage via `AttributeError.obj` and the `string` module High
CVE-2024-47532 was published for RestrictedPython (pip) Sep 30, 2024
Quasar0147 dronex7070
d-maurer dataflake icemac
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),... High Unreviewed
CVE-2024-9054 was published Oct 4, 2024
Diebold Nixdorf – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor High Unreviewed
CVE-2024-45245 was published Oct 6, 2024
Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a... High Unreviewed
CVE-2024-43610 was published Oct 9, 2024
The Bot for Telegram on WooCommerce plugin for WordPress is vulnerable to sensitive information... High Unreviewed
CVE-2024-9821 was published Oct 12, 2024
An issue in INATRONIC com.inatronic.drivedeck.home 2.6.23 allows a remote attacker to obtain... High Unreviewed
CVE-2024-48789 was published Oct 14, 2024
An issue in EQUES com.eques.plug 1.0.1 allows a remote attacker to obtain sensitive information... High Unreviewed
CVE-2024-48796 was published Oct 14, 2024
An issue in Hubble Connected (com.hubbleconnected.vervelife) 2.00.81 allows a remote attacker to... High Unreviewed
CVE-2024-48798 was published Oct 14, 2024
An issue in LOREX TECHNOLOGY INC com.lorexcorp.lorexping 1.4.22 allows a remote attacker to... High Unreviewed
CVE-2024-48799 was published Oct 14, 2024
An issue in PCS Engineering Preston Cinema (com.prestoncinema.app) 0.2.0 allows a remote attacker... High Unreviewed
CVE-2024-48797 was published Oct 14, 2024
An issue in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7... High Unreviewed
CVE-2024-48824 was published Oct 14, 2024
Matrix JavaScript SDK's key history sharing could share keys to malicious devices High
CVE-2024-47080 was published for matrix-js-sdk (npm) Oct 15, 2024
dkasak
Malicious homeservers can steal message keys when the matrix-react-sdk user invites another user to a room High
CVE-2024-47824 was published for matrix-react-sdk (npm) Oct 15, 2024
dkasak
secp256k1-node allows private key extraction over ECDH High
CVE-2024-48930 was published for secp256k1 (npm) Oct 21, 2024
ChALkeR jprichardson
The TeploBot - Telegram Bot for WP plugin for WordPress is vulnerable to sensitive information... High Unreviewed
CVE-2024-9627 was published Oct 22, 2024
mudler/localai version 2.17.1 is vulnerable to a Timing Attack. This type of side-channel attack... High Unreviewed
CVE-2024-7010 was published Oct 29, 2024
hornetq vulnerable to file overwrite, sensitive information disclosure High
CVE-2024-51127 was published for org.hornetq:hornetq-core-client (Maven) Nov 4, 2024
A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the... High Unreviewed
CVE-2024-6861 was published Nov 6, 2024
VaeMendis - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor High Unreviewed
CVE-2024-47915 was published Nov 14, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database