GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
8,838 advisories
Filter by severity
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia...
Moderate
Unreviewed
CVE-2024-47848
was published
Oct 5, 2024
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),...
High
Unreviewed
CVE-2024-9054
was published
Oct 4, 2024
OpenTofu potential leaking of secret variable values when using static evaluation in v1.8
Low
GHSA-wpr2-j6gr-pjw9
was published
for
github.com/opentofu/opentofu
(Go)
Oct 3, 2024
A vulnerability in a logging function of Cisco Nexus Dashboard Insights could allow an attacker...
Moderate
Unreviewed
CVE-2024-20491
was published
Oct 2, 2024
A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller (NDFC) and Cisco...
Moderate
Unreviewed
CVE-2024-20490
was published
Oct 2, 2024
Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission
Moderate
CVE-2024-47805
was published
for
org.jenkins-ci.plugins:credentials
(Maven)
Oct 2, 2024
TP-Link Tapo P125M and Kasa KP125M v1.0.3 was discovered to improperly validate certificates,...
Moderate
Unreviewed
CVE-2024-46548
was published
Sep 30, 2024
MantisBT vulnerable to information disclosure with user profiles
Moderate
CVE-2024-45792
was published
for
mantisbt/mantisbt
(Composer)
Sep 30, 2024
RestrictedPython information leakage via `AttributeError.obj` and the `string` module
High
CVE-2024-47532
was published
for
RestrictedPython
(pip)
Sep 30, 2024
The Directory Listing in /uploads/ Folder in CodeAstro Membership Management System 1.0 exposes...
High
Unreviewed
CVE-2024-46471
was published
Sep 27, 2024
Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials
Low
CVE-2024-47197
was published
for
org.apache.maven.plugins:maven-archetype-plugin
(Maven)
Sep 26, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in TaxoPress WordPress...
Moderate
Unreviewed
CVE-2024-43237
was published
Sep 25, 2024
The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Information Exposure in...
Moderate
Unreviewed
CVE-2024-8516
was published
Sep 25, 2024
The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for...
Moderate
Unreviewed
CVE-2024-7426
was published
Sep 25, 2024
The MAS Static Content plugin for WordPress is vulnerable to Information Exposure in all versions...
Moderate
Unreviewed
CVE-2024-8483
was published
Sep 25, 2024
The Happy Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information...
Moderate
Unreviewed
CVE-2024-8801
was published
Sep 25, 2024
The W3 Total Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in...
Low
Unreviewed
CVE-2023-5359
was published
Sep 25, 2024
A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for...
Low
Unreviewed
CVE-2024-8612
was published
Sep 20, 2024
ZITADEL Allows Unauthorized Access After Organization or Project Deactivation
Moderate
CVE-2024-47060
was published
for
github.com/zitadel/zitadel/v2
(Go)
Sep 19, 2024
Mautic allows users enumeration due to weak password login
Moderate
CVE-2024-47059
was published
for
mautic/core
(Composer)
Sep 18, 2024
Camaleon CMS vulnerable to arbitrary path traversal (GHSL-2024-183)
High
CVE-2024-46987
was published
for
camaleon_cms
(RubyGems)
Sep 18, 2024
org.xwiki.platform:xwiki-platform-notifications-ui leaks data of notification filters of users
Moderate
CVE-2024-46979
was published
for
org.xwiki.platform:xwiki-platform-notifications-ui
(Maven)
Sep 18, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Yordam Information...
High
Unreviewed
CVE-2024-6406
was published
Sep 18, 2024
OMFLOW from The SYSCOM Group has a vulnerability involving the exposure of sensitive data. This...
Moderate
Unreviewed
CVE-2024-8969
was published
Sep 18, 2024
Vite's `server.fs.deny` is bypassed when using `?import&raw`
Moderate
CVE-2024-45811
was published
for
vite
(npm)
Sep 17, 2024
ProTip!
Advisories are also available from the
GraphQL API