GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,856
Composer 4,262
Erlang 31
GitHub Actions 21
Go 2,030
Maven 5,210
npm 3,732
NuGet 662
pip 3,409
Pub 12
RubyGems 891
Rust 865
Swift 36

Unreviewed advisories

All unreviewed 237,452

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

535 advisories

Filter by severity

Sort by

Least recently updated

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions... Moderate Unreviewed

CVE-2024-53246 was published Dec 10, 2024

Webservice API endpoints for Assisted Service Module within SAP Commerce Cloud has information... Low Unreviewed

CVE-2024-47577 was published Dec 10, 2024

Web browser interface may manipulate application username/password in clear text or Base64... High Unreviewed

CVE-2024-6515 was published Dec 5, 2024

IBM Cognos Controller 11.0.0 and 11.0.1 could allow a remote attacker to obtain sensitive... Moderate Unreviewed

CVE-2021-29892 was published Dec 3, 2024

Improper data protection on the ventilator's serial interface could allow an attacker to send and... Critical Unreviewed

CVE-2024-9834 was published Nov 14, 2024

Cleartext transmission of sensitive information for some BigDL software maintained by Intel(R)... Moderate Unreviewed

CVE-2024-28169 was published Nov 13, 2024

Moodle authorization headers preserved between "emulated redirects" Low

CVE-2024-43432 was published for moodle/moodle (Composer) Nov 11, 2024

A vulnerability in a weak JWT token in Watcharr v1.43.0 and below allows attackers to perform... High Unreviewed

CVE-2024-50634 was published Nov 8, 2024

A vulnerability in the LevelOne WBR-6012 router's firmware version R0.40e6 allows sensitive... Moderate Unreviewed

CVE-2024-32946 was published Oct 30, 2024

A bug in query analysis of certain complex self-referential $lookup subpipelines may result in... Low Unreviewed

CVE-2024-8013 was published Oct 28, 2024

ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of... Moderate Unreviewed

CVE-2024-50624 was published Oct 28, 2024

An authentication-bypass issue in the RDP component of One Identity Safeguard for Privileged... Moderate Unreviewed

CVE-2024-40595 was published Oct 24, 2024

Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Information Disclosure. An information leak... Moderate Unreviewed

CVE-2024-40090 was published Oct 21, 2024

Cleartext transmission of sensitive information in acep-collector service. The following products... Moderate Unreviewed

CVE-2024-49387 was published Oct 15, 2024

An issue in YESCAM (com.yescom.YesCam.zwave) 1.0.2 allows a remote attacker to obtain sensitive... High Unreviewed

CVE-2024-48788 was published Oct 11, 2024

A flaw was found in Event-Driven Automation (EDA) in Ansible Automation Platform (AAP), which... Moderate Unreviewed

CVE-2024-9620 was published Oct 8, 2024

** UNSUPPORTED WHEN ASSIGNED ** This vulnerability exists in D3D Security IP Camera due to usage... High Unreviewed

CVE-2024-47789 was published Oct 4, 2024

An Information Disclosure vulnerability in the Telemetry component in TP-Link Kasa KP125M V1.0.0... Moderate Unreviewed

CVE-2024-35495 was published Sep 30, 2024

The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 discloses... High Unreviewed

CVE-2024-7713 was published Sep 27, 2024

The goTenna pro series does not encrypt the callsigns of its users. These callsigns reveal... Low Unreviewed

CVE-2024-47124 was published Sep 26, 2024

The goTenna Pro ATAK Plugin does not encrypt the callsigns of its users. These callsigns reveal... Low Unreviewed

CVE-2024-45838 was published Sep 26, 2024

A privilege escalation vulnerability was discovered when Single Sign On (SSO) is enabled that... Moderate Unreviewed

CVE-2024-45101 was published Sep 13, 2024

IPMI credentials may be captured in XCC audit log entries when the account username length is 16... Moderate Unreviewed

CVE-2024-8059 was published Sep 13, 2024

IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies.... Moderate Unreviewed

CVE-2024-43180 was published Sep 13, 2024

Cleartext transmission of sensitive information in the management console of Ivanti Workspace... High Unreviewed

CVE-2024-44105 was published Sep 10, 2024

Previous 1 2 3 4 5 … 21 22 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

535 advisories