Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,324
Erlang
31
GitHub Actions
21
Go
2,087
Maven
5,000+
npm
3,751
NuGet
674
pip
3,437
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+

60 advisories

Loading
An issue in Foundation.app Foundation platform 1.0 allows a remote attacker to obtain sensitive... High Unreviewed
CVE-2023-50053 was published Apr 30, 2024
An issue in FME Modules eventsmanager before 4.4.0 allows an attacker to obtain sensitive... High Unreviewed
CVE-2024-33271 was published Apr 29, 2024
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability Moderate Unreviewed
CVE-2024-29987 was published Apr 18, 2024
Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability Moderate Unreviewed
CVE-2024-29986 was published Apr 18, 2024
Saleor: Customers' addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method Moderate
CVE-2024-29888 was published for saleor (pip) Mar 28, 2024
Sensitive information disclosure due to excessive collection of system information. The following... Low Unreviewed
CVE-2023-48680 was published Feb 27, 2024
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability High Unreviewed
CVE-2024-26192 was published Feb 24, 2024
The Android Mobile Whale browser app before 3.0.1.2 allows the attacker to bypass its browser... Moderate Unreviewed
CVE-2023-25632 was published Nov 27, 2023
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Botanik Software... High Unreviewed
CVE-2023-5983 was published Nov 22, 2023
AsyncSSH Rogue Session Attack High
CVE-2023-46446 was published for asyncssh (pip) Nov 9, 2023
TrueSkrillor lambdafu
When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the... Moderate Unreviewed
CVE-2023-34085 was published Oct 25, 2023
Nautobot vulnerable to exposure of hashed user passwords via REST API High
CVE-2023-46128 was published for nautobot (pip) Oct 24, 2023
Sensitive information disclosure due to excessive collection of system information. The following... Low Unreviewed
CVE-2023-44213 was published Oct 6, 2023
Sensitive information disclosure due to spell-jacking. The following products are affected:... Moderate Unreviewed
CVE-2023-44156 was published Sep 27, 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15... Moderate Unreviewed
CVE-2023-1936 was published Jul 11, 2023
XWiki Platform may show email addresses in clear in REST results High
CVE-2023-35151 was published for org.xwiki.platform:xwiki-platform-rest-server (Maven) Jun 20, 2023
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media... High Unreviewed
CVE-2023-2703 was published May 23, 2023
A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series... Moderate Unreviewed
CVE-2023-22918 was published Apr 24, 2023
Information exposure in microweber Moderate
CVE-2023-2239 was published for microweber/microweber (Composer) Apr 22, 2023
Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm Low
CVE-2023-29203 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Apr 12, 2023
Exposure of Private Personal Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-rest-server Moderate
CVE-2022-41936 was published for org.xwiki.platform:xwiki-platform-rest-server (Maven) Nov 21, 2022
A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA),... Moderate Unreviewed
CVE-2022-20942 was published Nov 4, 2022
XWiki Platform Web Templates vulnerable to Missing Authorization, Exposure of Private Personal Information to Unauthorized Actor High
CVE-2022-36091 was published for org.xwiki.platform:xwiki-platform-web (Maven) Sep 16, 2022
There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription... Moderate Unreviewed
CVE-2022-0852 was published Aug 29, 2022
Exposure of password hashes in notrinos/notrinos-erp High
CVE-2022-2921 was published for notrinos/notrinos-erp (Composer) Aug 22, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database