GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,238
Erlang: 31
GitHub Actions: 21
Go: 2,005
Maven: 5,000+
npm: 3,716
NuGet: 661
pip: 3,388
Pub: 11
RubyGems: 885
Rust: 851
Swift: 36

Unreviewed advisories
All unreviewed: 5,000+
1,051 advisories

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and...
Moderate | Unreviewed | CVE-2024-40703 was published Sep 22, 2024

In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page
Moderate | Unreviewed | CVE-2024-47162 was published Sep 19, 2024

Grafana plugin SDK Information Leakage
Critical | CVE-2024-8986 was published for github.com/grafana/grafana-plugin-sdk-go (Go) Sep 19, 2024

OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized...
High | Unreviewed | CVE-2024-8777 was published Sep 16, 2024

The Eaton Foreseer software provides the feasibility for the user to configure external servers...
Moderate | Unreviewed | CVE-2024-31415 was published Sep 13, 2024

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8,...
High | Unreviewed | CVE-2024-28981 was published Sep 12, 2024

A vulnerability in the storage method of the PON Controller configuration file could allow an...
High | Unreviewed | CVE-2024-20489 was published Sep 11, 2024

An issue in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physically proximate attacker to...
High | Unreviewed | CVE-2024-44815 was published Sep 10, 2024

A series of related high-severity vulnerabilities, the most notable enabling remote code...
High | Unreviewed | CVE-2024-40710 was published Sep 7, 2024

Credentials to access device configuration information stored unencrypted in flash memory. These...
Moderate | Unreviewed | CVE-2024-39278 was published Sep 6, 2024

Insufficient access checks in Visual Planning Admin Center 8 before v.1 Build 240207 allow...
High | Unreviewed | CVE-2023-49233 was published Sep 3, 2024

Authentication Bypass in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical...
Moderate | Unreviewed | CVE-2024-31800 was published Aug 15, 2024

IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive...
Moderate | Unreviewed | CVE-2024-40704 was published Aug 15, 2024

A vulnerability, which was classified as problematic, has been found in SourceCodester Prison...
Moderate | Unreviewed | CVE-2024-7813 was published Aug 15, 2024

Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated...
High | Unreviewed | CVE-2024-39818 was published Aug 14, 2024

Apereo CAS vulnerable to credential leaks for LDAP authentication
Moderate | CVE-2023-28857 was published for org.apereo.cas:cas-server-support-x509-core (Maven) Aug 5, 2024

A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub...
Critical | Unreviewed | CVE-2024-6118 was published Aug 5, 2024

The Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all...
High | Unreviewed | CVE-2024-7389 was published Aug 2, 2024

A “CWE-256: Plaintext Storage of a Password” affecting the administrative account allows an...
Moderate | Unreviewed | CVE-2024-3082 was published Jul 31, 2024

Exposure of Sensitive Information in edge browser session proxy feature in Devolutions Remote...
High | Unreviewed | CVE-2024-6492 was published Jul 16, 2024

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain...
Moderate | Unreviewed | CVE-2024-39733 was published Jul 14, 2024

The Avalara for Salesforce CPQ app before 7.0 for Salesforce allows attackers to read an API key....
High | Unreviewed | CVE-2024-38453 was published Jul 3, 2024

The webserver utilizes basic authentication for its user login to the configuration interface. As...
High | Unreviewed | CVE-2023-41926 was published Jul 2, 2024

In JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile...
Moderate | Unreviewed | CVE-2024-39879 was published Jul 1, 2024

In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App...
Moderate | Unreviewed | CVE-2024-39878 was published Jul 1, 2024

ProTip! Advisories are also available from the GraphQL API