Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,944
Erlang
29
GitHub Actions
16
Go
1,729
Maven
4,955
npm
3,489
NuGet
607
pip
3,056
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+

8,477 advisories

Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability Moderate Unreviewed
CVE-2024-35263 was published Jun 11, 2024
Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability High Unreviewed
CVE-2024-37325 was published Jun 11, 2024
Windows Cryptographic Services Information Disclosure Vulnerability Moderate Unreviewed
CVE-2024-30096 was published Jun 11, 2024
A medium severity vulnerability in BIPS has been identified where an authenticated attacker with... Moderate Unreviewed
CVE-2024-5813 was published Jun 11, 2024
This allows the information exposure to unauthorized users. This issue affects NetIQ Access... Moderate Unreviewed
CVE-2020-11843 was published Jun 11, 2024
On Unix, SAP BusinessObjects Business Intelligence Platform (Scheduling) allows an authenticated... Low Unreviewed
CVE-2024-34684 was published Jun 11, 2024
SAP NetWeaver AS Java (CAF - Guided Procedures) allows an unauthenticated user to access non... Moderate Unreviewed
CVE-2024-28164 was published Jun 11, 2024
Docker CLI leaks private registry credentials to registry-1.docker.io Moderate
CVE-2021-41092 was published for github.com/docker/cli (Go) Jun 10, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Themeisle Otter... Moderate Unreviewed
CVE-2024-35682 was published Jun 8, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Marketing Fire, LLC... Moderate Unreviewed
CVE-2024-35691 was published Jun 8, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Podlove Podlove Web... Moderate Unreviewed
CVE-2024-35710 was published Jun 8, 2024
Adminer file disclosure vulnerability High
GHSA-97h7-mf38-g9mf was published for vrana/adminer (Composer) Jun 7, 2024
Zend-developer-tools information disclosure vulnerability Moderate
GHSA-qg7m-mwxm-j3h7 was published for zendframework/zend-developer-tools (Composer) Jun 7, 2024
ZendFramework Information Disclosure and Insufficient Entropy vulnerability Moderate
GHSA-2fhr-8r8r-qp56 was published for zendframework/zendframework (Composer) Jun 7, 2024
TYPO3 Information Disclosure in Install Tool Moderate
GHSA-6487-3qvg-8px9 was published for typo3/cms (Composer) Jun 7, 2024
TYPO3 Information Disclosure of Installed Extensions Moderate
GHSA-f624-8hfq-5fh3 was published for typo3/cms (Composer) Jun 7, 2024
netplan leaks the private key of wireguard to local users. A security fix will be released soon. Moderate Unreviewed
CVE-2022-4968 was published Jun 7, 2024
A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically... High Unreviewed
CVE-2024-5124 was published Jun 6, 2024
In lunary-ai/lunary version 1.2.4, an account takeover vulnerability exists due to the exposure... Critical Unreviewed
CVE-2024-5133 was published Jun 6, 2024
Arbitrary system path lookup in h20 Moderate
CVE-2024-5550 was published for h2o (pip) Jun 6, 2024
Jupyter server on Windows discloses Windows user password hash High
CVE-2024-35178 was published for jupyter_server (pip) Jun 6, 2024
nvn1729
Password hash exposed in CraftCMS two factor authentication plugin Low
CVE-2024-5657 was published for born05/craft-twofactorauthentication (Composer) Jun 6, 2024
FDSK Leak in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows... Critical Unreviewed
CVE-2024-4008 was published Jun 5, 2024
BoringSSLAEADContext in Netty Repeats Nonces Moderate
CVE-2024-36121 was published for io.netty.incubator:netty-incubator-codec-ohttp (Maven) Jun 5, 2024
SalusaSecondus
A flaw was found in foreman-installer when puppet-candlepin is invoked cpdb with the --password... Moderate Unreviewed
CVE-2024-3716 was published Jun 5, 2024
ProTip! Advisories are also available from the GraphQL API