GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
8,810 advisories
Filter by severity
The Big File Uploads – Increase Maximum File Upload Size plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2024-8538
was published
Sep 7, 2024
Exposure of debug and metrics endpoints in Pomerium
Moderate
CVE-2022-24797
was published
for
github.com/pomerium/pomerium
(Go)
Sep 6, 2024
gnark's Groth16 commitment extension unsound for more than one commitment
Moderate
CVE-2024-45039
was published
for
github.com/consensys/gnark
(Go)
Sep 6, 2024
gnark commitments to private witnesses in Groth16 as implemented break zero-knowledge property
Moderate
CVE-2024-45040
was published
for
github.com/consensys/gnark
(Go)
Sep 6, 2024
D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to Information Disclosure. The device allows...
High
Unreviewed
CVE-2024-44408
was published
Sep 6, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ariva Computer Accord...
Critical
Unreviewed
CVE-2024-1744
was published
Sep 6, 2024
The Remember Me Controls plugin for WordPress is vulnerable to Full Path Disclosure in all...
Moderate
Unreviewed
CVE-2024-7415
was published
Sep 6, 2024
A vulnerability, which was classified as problematic, was found in D-Link DNS-320 2.02b01. This...
Moderate
Unreviewed
CVE-2024-8461
was published
Sep 5, 2024
A vulnerability, which was classified as problematic, has been found in D-Link DNS-320 2.02b01....
Moderate
Unreviewed
CVE-2024-8460
was published
Sep 5, 2024
The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Information...
Moderate
Unreviewed
CVE-2024-6835
was published
Sep 5, 2024
A vulnerability in Cisco Duo Epic for Hyperdrive could allow an authenticated, local attacker to...
Moderate
Unreviewed
CVE-2024-20503
was published
Sep 4, 2024
A sensitive information disclosure vulnerability exists in ZZCMS v.2023 and before within the...
Moderate
Unreviewed
CVE-2024-44820
was published
Sep 4, 2024
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Sensitive...
Moderate
Unreviewed
CVE-2024-8106
was published
Sep 4, 2024
Access control vulnerability in the camera framework module
Impact: Successful exploitation of...
Moderate
Unreviewed
CVE-2024-45447
was published
Sep 4, 2024
Permission control vulnerability in the software update module.
Impact: Successful exploitation...
Moderate
Unreviewed
CVE-2024-45450
was published
Sep 4, 2024
Hoverfly allows an arbitrary file read in the `/api/v2/simulation` endpoint (`GHSL-2023-274`)
High
CVE-2024-45388
was published
for
github.com/spectolabs/hoverfly
(Go)
Sep 3, 2024
The Bare Metal Operator (BMO) can expose particularly named secrets from other namespaces via BMH CRD
Moderate
CVE-2024-43803
was published
for
github.com/metal3-io/baremetal-operator
(Go)
Sep 3, 2024
Tina search token leak via lock file in TinaCMS
High
CVE-2024-45391
was published
for
@tinacms/cli
(npm)
Sep 3, 2024
Hwameistor Potential Permission Leakage of Cluster Level
Low
CVE-2024-45054
was published
for
github.com/hwameistor/hwameistor
(Go)
Aug 29, 2024
OpenTelemetry Collector module AWS Firehose Receiver Authentication Bypass Vulnerability
Moderate
CVE-2024-45043
was published
for
github.com/open-telemetry/opentelemetry-collector-contrib/receiver/awsfirehosereceiver
(Go)
Aug 29, 2024
The Premium SEO Pack – WP SEO Plugin plugin for WordPress is vulnerable to Sensitive Information...
Moderate
Unreviewed
CVE-2024-3679
was published
Aug 29, 2024
The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all...
Moderate
Unreviewed
CVE-2024-2541
was published
Aug 29, 2024
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Full...
Moderate
Unreviewed
CVE-2024-6551
was published
Aug 29, 2024
The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for...
Moderate
Unreviewed
CVE-2024-7418
was published
Aug 29, 2024
A vulnerability identified in NetIQ Advance Authentication that leaks sensitive server...
Moderate
Unreviewed
CVE-2021-22529
was published
Aug 28, 2024
ProTip!
Advisories are also available from the
GraphQL API