Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

345 advisories

Loading
An issue in the luci-mod-rpc package in OpenWRT Luci LTS allows for privilege escalation from an... High Unreviewed
CVE-2024-51240 was published Nov 5, 2024
Exposure of vSphere's CPI and CSI credentials in Rancher High
CVE-2022-45157 was published for github.com/rancher/rancher (Go) Oct 25, 2024
OpenRefine leaks Google API credentials in releases High
GHSA-3pg4-qwc8-426r was published for org.openrefine:openrefine (Maven) Oct 24, 2024
Kieback & Peter's DDC4000 series has an insufficiently protected credentials vulnerability, which... High Unreviewed
CVE-2024-43812 was published Oct 23, 2024
The EWON FLEXY 202 transmits credentials using a weak encoding method base64. An attacker who is... High Unreviewed
CVE-2024-7755 was published Oct 17, 2024
The affected product is vulnerable due to insufficiently protected credentials, which may allow... High Unreviewed
CVE-2024-49396 was published Oct 17, 2024
OAuth2 client ID and secret exposed through the web browser High
CVE-2024-9014 was published for pgadmin4 (pip) Sep 23, 2024
m3t3kh4n
OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized... High Unreviewed
CVE-2024-8777 was published Sep 16, 2024
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8,... High Unreviewed
CVE-2024-28981 was published Sep 12, 2024
A vulnerability in the storage method of the PON Controller configuration file could allow an... High Unreviewed
CVE-2024-20489 was published Sep 11, 2024
An issue in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physically proximate attacker to... High Unreviewed
CVE-2024-44815 was published Sep 10, 2024
A series of related high-severity vulnerabilities, the most notable enabling remote code... High Unreviewed
CVE-2024-40710 was published Sep 7, 2024
Insufficient access checks in Visual Planning Admin Center 8 before v.1 Build 240207 allow... High Unreviewed
CVE-2023-49233 was published Sep 3, 2024
Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated... High Unreviewed
CVE-2024-39818 was published Aug 14, 2024
The Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all... High Unreviewed
CVE-2024-7389 was published Aug 2, 2024
Exposure of Sensitive Information in edge browser session proxy feature in Devolutions Remote... High Unreviewed
CVE-2024-6492 was published Jul 16, 2024
The Avalara for Salesforce CPQ app before 7.0 for Salesforce allows attackers to read an API key.... High Unreviewed
CVE-2024-38453 was published Jul 3, 2024
The webserver utilizes basic authentication for its user login to the configuration interface. As... High Unreviewed
CVE-2023-41926 was published Jul 2, 2024
apko Exposure of HTTP basic auth credentials in log output High
CVE-2024-36127 was published for chainguard.dev/apko (Go) Jun 4, 2024
kolloch
Insufficiently protected credentials in GE HealthCare EchoPAC products High Unreviewed
CVE-2024-27109 was published May 14, 2024
Insecure storage of the ICT MIFARE and DESFire encryption keys in the firmware binary allows... High Unreviewed
CVE-2024-29941 was published May 7, 2024
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to escalate their privileges due... High Unreviewed
CVE-2023-37400 was published Apr 19, 2024
Audit records for OpenAPI requests may include sensitive information. This could lead to... High Unreviewed
CVE-2023-6916 was published Apr 10, 2024
A insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0... High Unreviewed
CVE-2023-41677 was published Apr 9, 2024
HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network... High Unreviewed
CVE-2024-29071 was published Mar 25, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database