GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,002
Maven
5,000+
npm
3,713
NuGet
661
pip
3,384
Pub
11
RubyGems
885
Rust
850
Swift
36
Unreviewed advisories
All unreviewed
5,000+
30 advisories
Filter by severity
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to obtain...
Moderate
Unreviewed
CVE-2024-37070
was published
Nov 19, 2024
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Moderate
Unreviewed
CVE-2024-49025
was published
Nov 14, 2024
An exposure of sensitive information to an unauthorized actor [CWE-200] in Fortinet FortiManager...
Moderate
Unreviewed
CVE-2023-44255
was published
Nov 12, 2024
Sensitive information disclosure due to spell-jacking. The following products are affected:...
Moderate
Unreviewed
CVE-2024-49386
was published
Oct 17, 2024
An attacker with no knowledge of the current users in the web application, could build a...
Moderate
Unreviewed
CVE-2024-8891
was published
Sep 18, 2024
org.xwiki.platform:xwiki-platform-notifications-ui leaks data of notification filters of users
Moderate
CVE-2024-46979
was published
for
org.xwiki.platform:xwiki-platform-notifications-ui
(Maven)
Sep 18, 2024
XWiki Platform document history including authors of any page exposed to unauthorized actors
Moderate
CVE-2024-45591
was published
for
org.xwiki.platform:xwiki-platform-rest-server
(Maven)
Sep 10, 2024
Due to missing authorization checks, SAP Business Warehouse (BEx Analyzer) allows an...
Moderate
Unreviewed
CVE-2024-44113
was published
Sep 10, 2024
Due to missing authorization checks, SAP BEx Analyzer allows an authenticated attacker to access...
Moderate
Unreviewed
CVE-2024-41729
was published
Sep 10, 2024
Dell Path to PowerProtect, versions 1.1, 1.2, contains an Exposure of Private Personal...
Moderate
Unreviewed
CVE-2024-37136
was published
Sep 3, 2024
Improper access control in the clipboard synchronization feature in TeamViewer Full Client prior...
Moderate
Unreviewed
CVE-2024-6053
was published
Aug 28, 2024
Matrix SDK for React's URL preview setting for a room is controllable by the homeserver
Moderate
CVE-2024-42347
was published
for
matrix-react-sdk
(npm)
Aug 6, 2024
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Moderate
Unreviewed
CVE-2024-38103
was published
Jul 26, 2024
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Moderate
Unreviewed
CVE-2024-29987
was published
Apr 18, 2024
Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability
Moderate
Unreviewed
CVE-2024-29986
was published
Apr 18, 2024
Saleor: Customers' addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method
Moderate
CVE-2024-29888
was published
for
saleor
(pip)
Mar 28, 2024
The Android Mobile Whale browser app before 3.0.1.2 allows the attacker to bypass its browser...
Moderate
Unreviewed
CVE-2023-25632
was published
Nov 27, 2023
When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the...
Moderate
Unreviewed
CVE-2023-34085
was published
Oct 25, 2023
Sensitive information disclosure due to spell-jacking. The following products are affected:...
Moderate
Unreviewed
CVE-2023-44156
was published
Sep 27, 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15...
Moderate
Unreviewed
CVE-2023-1936
was published
Jul 11, 2023
A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series...
Moderate
Unreviewed
CVE-2023-22918
was published
Apr 24, 2023
Information exposure in microweber
Moderate
CVE-2023-2239
was published
for
microweber/microweber
(Composer)
Apr 22, 2023
Exposure of Private Personal Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-rest-server
Moderate
CVE-2022-41936
was published
for
org.xwiki.platform:xwiki-platform-rest-server
(Maven)
Nov 21, 2022
A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA),...
Moderate
Unreviewed
CVE-2022-20942
was published
Nov 4, 2022
There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription...
Moderate
Unreviewed
CVE-2022-0852
was published
Aug 29, 2022
ProTip!
Advisories are also available from the
GraphQL API