GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
8,533 advisories
vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in some file-critical functions such...
High | Unreviewed | CVE-2024-5753 was published Jul 5, 2024

Private tokens could appear in logs if context containing gRPC metadata is logged in github.com/grpc/grpc-go
Low | GHSA-xr7q-jx4m-x55m was published for github.com/grpc/grpc-go (Go) Jul 5, 2024

ZITADEL Vulnerable to Session Information Leakage
Moderate | CVE-2024-39683 was published for github.com/zitadel/zitadel (Go) Jul 5, 2024

Information exposure vulnerability in the MRW plugin, in its 5.4.3 version, affecting the ...
High | Unreviewed | CVE-2024-6506 was published Jul 4, 2024

Under certain circumstances, when the controller is in factory reset mode waiting for initial...
Low | Unreviewed | CVE-2024-32754 was published Jul 4, 2024

Information exposure vulnerability in MESbook 20221021.03 version, the exploitation of which...
High | Unreviewed | CVE-2024-6426 was published Jul 3, 2024

Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to properly sanitize the recipients of a...
Low | Unreviewed | CVE-2024-39807 was published Jul 3, 2024

Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to sanitize the RemoteClusterFrame payloads...
Low | Unreviewed | CVE-2024-39353 was published Jul 3, 2024

GeoServer's Server Status shows sensitive environmental variables and Java properties
Moderate | CVE-2024-34696 was published for org.geoserver.web:gs-web-app (Maven) Jul 1, 2024

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions...
Moderate | Unreviewed | CVE-2024-36986 was published Jul 1, 2024

Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported...
Critical | Unreviewed | CVE-2024-5535 was published Jun 27, 2024

An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 16.11.5,...
Moderate | Unreviewed | CVE-2024-3115 was published Jun 27, 2024

Exposure of secrets through system log in Jenkins Structs Plugin
Low | CVE-2024-39458 was published for org.jenkins-ci.plugins:structs (Maven) Jun 26, 2024

In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController...
High | Unreviewed | CVE-2024-5010 was published Jun 25, 2024

udn News Android APP stores the user session in logcat file when user log into the APP. A...
Low | Unreviewed | CVE-2024-6294 was published Jun 25, 2024

In the module "Axepta" (axepta) before 1.3.4 from Quadra Informatique for PrestaShop, a guest can...
High | Unreviewed | CVE-2024-34991 was published Jun 25, 2024

Multiple directory traversal vulnerabilities in the TFTP Server in Distinct Intranet Servers 3.10...
Critical | Unreviewed | CVE-2012-6664 was published Jun 22, 2024

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in A WP Life Event...
Moderate | Unreviewed | CVE-2024-5059 was published Jun 21, 2024

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exeebit phpinfo() WP...
Moderate | Unreviewed | CVE-2024-35776 was published Jun 21, 2024

CORSAIR iCUE 5.9.105 with iCUE Murals on Windows allows unprivileged users to insert DLL files in...
High | Unreviewed | CVE-2024-22002 was published Jun 18, 2024

Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec
Moderate | CVE-2024-22032 was published for github.com/rancher/rancher (Go) Jun 17, 2024

Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized user information...
High | Unreviewed | CVE-2024-38467 was published Jun 16, 2024

Vulnerability of insufficient permission verification in the NearLink module Impact: Successful...
Moderate | Unreviewed | CVE-2024-5464 was published Jun 14, 2024

NVIDIA GPU software for Linux contains a vulnerability where it can expose sensitive information...
Moderate | Unreviewed | CVE-2024-0093 was published Jun 14, 2024

ProTip! Advisories are also available from the GraphQL API.