Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,324
Erlang
31
GitHub Actions
21
Go
2,087
Maven
5,000+
npm
3,751
NuGet
674
pip
3,437
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+

60 advisories

Loading
The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure... Moderate Unreviewed
CVE-2024-13215 was published Jan 15, 2025
The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is... Moderate Unreviewed
CVE-2024-11396 was published Jan 14, 2025
IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could could allow a physical user to obtain... Moderate Unreviewed
CVE-2024-41780 was published Jan 3, 2025
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for... Moderate Unreviewed
CVE-2024-11712 was published Dec 14, 2024
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a a feature that could... High Unreviewed
CVE-2024-42494 was published Dec 6, 2024
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to obtain... Moderate Unreviewed
CVE-2024-37070 was published Nov 19, 2024
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability Moderate Unreviewed
CVE-2024-49025 was published Nov 14, 2024
An exposure of sensitive information to an unauthorized actor [CWE-200] in Fortinet FortiManager... Moderate Unreviewed
CVE-2023-44255 was published Nov 12, 2024
Forwarding of confidentials headers to third parties in fluture-node Low
CVE-2022-24719 was published for fluture-node (npm) Mar 1, 2022
Sensitive information disclosure due to spell-jacking. The following products are affected:... Moderate Unreviewed
CVE-2024-49386 was published Oct 17, 2024
Nautobot vulnerable to exposure of hashed user passwords via REST API High
CVE-2023-46128 was published for nautobot (pip) Oct 24, 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15... Moderate Unreviewed
CVE-2023-1936 was published Jul 11, 2023
This vulnerability exists in LD DP Back Office due to improper validation of certain parameters ... High Unreviewed
CVE-2024-47085 was published Sep 19, 2024
This vulnerability exists in Apex Softcell LD Geo due to improper validation of the certain... High Unreviewed
CVE-2024-47087 was published Sep 19, 2024
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository gnuboard... High Unreviewed
CVE-2022-1252 was published Apr 12, 2022
org.xwiki.platform:xwiki-platform-notifications-ui leaks data of notification filters of users Moderate
CVE-2024-46979 was published for org.xwiki.platform:xwiki-platform-notifications-ui (Maven) Sep 18, 2024
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to transmission of sensitive... High Unreviewed
CVE-2024-45787 was published Sep 11, 2024
An attacker with no knowledge of the current users in the web application, could build a... Moderate Unreviewed
CVE-2024-8891 was published Sep 18, 2024
XWiki Platform document history including authors of any page exposed to unauthorized actors Moderate
CVE-2024-45591 was published for org.xwiki.platform:xwiki-platform-rest-server (Maven) Sep 10, 2024
Xiqinger
Sensitive information disclosure due to excessive collection of system information. The following... Low Unreviewed
CVE-2023-48680 was published Feb 27, 2024
Sensitive information disclosure due to spell-jacking. The following products are affected:... Moderate Unreviewed
CVE-2023-44156 was published Sep 27, 2023
Sensitive information disclosure due to excessive collection of system information. The following... Low Unreviewed
CVE-2023-44213 was published Oct 6, 2023
Due to missing authorization checks, SAP Business Warehouse (BEx Analyzer) allows an... Moderate Unreviewed
CVE-2024-44113 was published Sep 10, 2024
Due to missing authorization checks, SAP BEx Analyzer allows an authenticated attacker to access... Moderate Unreviewed
CVE-2024-41729 was published Sep 10, 2024
The Android Mobile Whale browser app before 3.0.1.2 allows the attacker to bypass its browser... Moderate Unreviewed
CVE-2023-25632 was published Nov 27, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database