Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

8,533 advisories

Loading
vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in some file-critical functions such... High Unreviewed
CVE-2024-5753 was published Jul 5, 2024
Private tokens could appear in logs if context containing gRPC metadata is logged in github.com/grpc/grpc-go Low
GHSA-xr7q-jx4m-x55m was published for github.com/grpc/grpc-go (Go) Jul 5, 2024
ZITADEL Vulnerable to Session Information Leakage Moderate
CVE-2024-39683 was published for github.com/zitadel/zitadel (Go) Jul 5, 2024
cybertransformer livio-a
fforootd Avolicious srividyaj
Information exposure vulnerability in the MRW plugin, in its 5.4.3 version, affecting the ... High Unreviewed
CVE-2024-6506 was published Jul 4, 2024
Under certain circumstances, when the controller is in factory reset mode waiting for initial... Low Unreviewed
CVE-2024-32754 was published Jul 4, 2024
Information exposure vulnerability in MESbook 20221021.03 version, the exploitation of which... High Unreviewed
CVE-2024-6426 was published Jul 3, 2024
Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to properly sanitize the recipients of a... Low Unreviewed
CVE-2024-39807 was published Jul 3, 2024
Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to sanitize the RemoteClusterFrame payloads... Low Unreviewed
CVE-2024-39353 was published Jul 3, 2024
GeoServer's Server Status shows sensitive environmental variables and Java properties Moderate
CVE-2024-34696 was published for org.geoserver.web:gs-web-app (Maven) Jul 1, 2024
miceg jodygarnett
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions... Moderate Unreviewed
CVE-2024-36986 was published Jul 1, 2024
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported... Critical Unreviewed
CVE-2024-5535 was published Jun 27, 2024
An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 16.11.5,... Moderate Unreviewed
CVE-2024-3115 was published Jun 27, 2024
Exposure of secrets through system log in Jenkins Structs Plugin Low
CVE-2024-39458 was published for org.jenkins-ci.plugins:structs (Maven) Jun 26, 2024
In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController... High Unreviewed
CVE-2024-5010 was published Jun 25, 2024
udn News Android APP stores the user session in logcat file when user log into the APP. A... Low Unreviewed
CVE-2024-6294 was published Jun 25, 2024
In the module "Axepta" (axepta) before 1.3.4 from Quadra Informatique for PrestaShop, a guest can... High Unreviewed
CVE-2024-34991 was published Jun 25, 2024
Multiple directory traversal vulnerabilities in the TFTP Server in Distinct Intranet Servers 3.10... Critical Unreviewed
CVE-2012-6664 was published Jun 22, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in A WP Life Event... Moderate Unreviewed
CVE-2024-5059 was published Jun 21, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exeebit phpinfo() WP... Moderate Unreviewed
CVE-2024-35776 was published Jun 21, 2024
CORSAIR iCUE 5.9.105 with iCUE Murals on Windows allows unprivileged users to insert DLL files in... High Unreviewed
CVE-2024-22002 was published Jun 18, 2024
Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec Moderate
CVE-2024-22032 was published for github.com/rancher/rancher (Go) Jun 17, 2024
Lobe Chat API Key Leak Moderate
CVE-2024-37895 was published for @lobehub/chat (npm) Jun 17, 2024
zhuozhiyongde
Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized user information... High Unreviewed
CVE-2024-38467 was published Jun 16, 2024
Vulnerability of insufficient permission verification in the NearLink module Impact: Successful... Moderate Unreviewed
CVE-2024-5464 was published Jun 14, 2024
NVIDIA GPU software for Linux contains a vulnerability where it can expose sensitive information... Moderate Unreviewed
CVE-2024-0093 was published Jun 14, 2024
ProTip! Advisories are also available from the GraphQL API