GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,944
Erlang: 29
GitHub Actions: 16
Go: 1,729
Maven: 4,955
npm: 3,489
NuGet: 607
pip: 3,056
Pub: 10
RubyGems: 832
Rust: 778
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
8,477 advisories
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
Moderate | Unreviewed | CVE-2024-35263 was published Jun 11, 2024

Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability
High | Unreviewed | CVE-2024-37325 was published Jun 11, 2024

Windows Cryptographic Services Information Disclosure Vulnerability
Moderate | Unreviewed | CVE-2024-30096 was published Jun 11, 2024

A medium severity vulnerability in BIPS has been identified where an authenticated attacker with...
Moderate | Unreviewed | CVE-2024-5813 was published Jun 11, 2024

This allows the information exposure to unauthorized users. This issue affects NetIQ Access...
Moderate | Unreviewed | CVE-2020-11843 was published Jun 11, 2024

On Unix, SAP BusinessObjects Business Intelligence Platform (Scheduling) allows an authenticated...
Low | Unreviewed | CVE-2024-34684 was published Jun 11, 2024

SAP NetWeaver AS Java (CAF - Guided Procedures) allows an unauthenticated user to access non...
Moderate | Unreviewed | CVE-2024-28164 was published Jun 11, 2024

Docker CLI leaks private registry credentials to registry-1.docker.io
Moderate | CVE-2021-41092 was published for github.com/docker/cli (Go) Jun 10, 2024

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Themeisle Otter...
Moderate | Unreviewed | CVE-2024-35682 was published Jun 8, 2024

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Marketing Fire, LLC...
Moderate | Unreviewed | CVE-2024-35691 was published Jun 8, 2024

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Podlove Podlove Web...
Moderate | Unreviewed | CVE-2024-35710 was published Jun 8, 2024

Adminer file disclosure vulnerability
High | GHSA-97h7-mf38-g9mf was published for vrana/adminer (Composer) Jun 7, 2024

Zend-developer-tools information disclosure vulnerability
Moderate | GHSA-qg7m-mwxm-j3h7 was published for zendframework/zend-developer-tools (Composer) Jun 7, 2024

ZendFramework Information Disclosure and Insufficient Entropy vulnerability
Moderate | GHSA-2fhr-8r8r-qp56 was published for zendframework/zendframework (Composer) Jun 7, 2024

TYPO3 Information Disclosure in Install Tool
Moderate | GHSA-6487-3qvg-8px9 was published for typo3/cms (Composer) Jun 7, 2024

TYPO3 Information Disclosure of Installed Extensions
Moderate | GHSA-f624-8hfq-5fh3 was published for typo3/cms (Composer) Jun 7, 2024

netplan leaks the private key of wireguard to local users. A security fix will be released soon.
Moderate | Unreviewed | CVE-2022-4968 was published Jun 7, 2024

A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically...
High | Unreviewed | CVE-2024-5124 was published Jun 6, 2024

In lunary-ai/lunary version 1.2.4, an account takeover vulnerability exists due to the exposure...
Critical | Unreviewed | CVE-2024-5133 was published Jun 6, 2024

Jupyter server on Windows discloses Windows user password hash
High | CVE-2024-35178 was published for jupyter_server (pip) Jun 6, 2024

Password hash exposed in CraftCMS two factor authentication plugin
Low | CVE-2024-5657 was published for born05/craft-twofactorauthentication (Composer) Jun 6, 2024

FDSK Leak in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows...
Critical | Unreviewed | CVE-2024-4008 was published Jun 5, 2024

BoringSSLAEADContext in Netty Repeats Nonces
Moderate | CVE-2024-36121 was published for io.netty.incubator:netty-incubator-codec-ohttp (Maven) Jun 5, 2024

A flaw was found in foreman-installer when puppet-candlepin is invoked cpdb with the --password...
Moderate | Unreviewed | CVE-2024-3716 was published Jun 5, 2024
ProTip! Advisories are also available from the GraphQL API