Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

19 advisories

Loading
Information exposure in elgg High
CVE-2021-3980 was published for elgg/elgg (Composer) Dec 16, 2021
Exposure of sensitive information in follow-redirects High
CVE-2022-0155 was published for follow-redirects (npm) Jan 12, 2022
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository gnuboard... High Unreviewed
CVE-2022-1252 was published Apr 12, 2022
Exposure of password hashes in notrinos/notrinos-erp High
CVE-2022-2921 was published for notrinos/notrinos-erp (Composer) Aug 22, 2022
XWiki Platform Web Templates vulnerable to Missing Authorization, Exposure of Private Personal Information to Unauthorized Actor High
CVE-2022-36091 was published for org.xwiki.platform:xwiki-platform-web (Maven) Sep 16, 2022
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media... High Unreviewed
CVE-2023-2703 was published May 23, 2023
XWiki Platform may show email addresses in clear in REST results High
CVE-2023-35151 was published for org.xwiki.platform:xwiki-platform-rest-server (Maven) Jun 20, 2023
Nautobot vulnerable to exposure of hashed user passwords via REST API High
CVE-2023-46128 was published for nautobot (pip) Oct 24, 2023
AsyncSSH Rogue Session Attack High
CVE-2023-46446 was published for asyncssh (pip) Nov 9, 2023
TrueSkrillor lambdafu
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Botanik Software... High Unreviewed
CVE-2023-5983 was published Nov 22, 2023
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability High Unreviewed
CVE-2024-26192 was published Feb 24, 2024
An issue in FME Modules eventsmanager before 4.4.0 allows an attacker to obtain sensitive... High Unreviewed
CVE-2024-33271 was published Apr 29, 2024
An issue in Foundation.app Foundation platform 1.0 allows a remote attacker to obtain sensitive... High Unreviewed
CVE-2023-50053 was published Apr 30, 2024
In the module "Login as customer PRO" (loginascustomerpro) <1.2.7 from Weblir for PrestaShop, a... High Unreviewed
CVE-2024-36677 was published Jun 19, 2024
In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu for PrestaShop, a... High Unreviewed
CVE-2024-36682 was published Jun 25, 2024
A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC Runtime... High Unreviewed
CVE-2024-30321 was published Jul 9, 2024
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to transmission of sensitive... High Unreviewed
CVE-2024-45787 was published Sep 11, 2024
This vulnerability exists in LD DP Back Office due to improper validation of certain parameters ... High Unreviewed
CVE-2024-47085 was published Sep 19, 2024
This vulnerability exists in Apex Softcell LD Geo due to improper validation of the certain... High Unreviewed
CVE-2024-47087 was published Sep 19, 2024
ProTip! Advisories are also available from the GraphQL API