GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
9,040 advisories
Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts
Moderate | CVE-2024-53858 was published for github.com/cli/cli/v2 (Go) | Nov 27, 2024

`auth.TokenForHost` violates GitHub host security boundary when sourcing authentication token within a codespace
Moderate | CVE-2024-53859 was published for github.com/cli/go-gh (Go) | Nov 27, 2024

Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated...
High | Unreviewed | CVE-2024-52323 was published | Nov 27, 2024

The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all...
Moderate | Unreviewed | CVE-2024-11083 was published | Nov 27, 2024

Information disclosure due to uninitialized variable.
High | Unreviewed | CVE-2017-18306 was published | Nov 26, 2024

Information disclosure possible while audio playback.
High | Unreviewed | CVE-2017-18307 was published | Nov 26, 2024

The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all...
Moderate | Unreviewed | CVE-2024-8899 was published | Nov 26, 2024

The Increase Maximum Upload File Size | Increase Execution Time plugin for WordPress is...
Moderate | Unreviewed | CVE-2024-11265 was published | Nov 23, 2024

ChargePoint Home Flex Bluetooth Low Energy Information Disclosure Vulnerability. This...
Low | Unreviewed | CVE-2024-7391 was published | Nov 23, 2024

An exposure of sensitive information vulnerability has been reported to affect QNAP AI Core. If...
High | Unreviewed | CVE-2024-38647 was published | Nov 22, 2024

The Sky Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure...
Moderate | Unreviewed | CVE-2024-9542 was published | Nov 22, 2024

Rancher Helm Applications may have sensitive values leaked
Moderate | CVE-2024-52282 was published for github.com/rancher/rancher (Go) | Nov 20, 2024

github.com/rancher/steve's users can issue watch commands for arbitrary resources
High | CVE-2024-52280 was published for github.com/rancher/steve (Go) | Nov 20, 2024

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu,...
Moderate | Unreviewed | CVE-2024-10365 was published | Nov 20, 2024

Graylog concurrent PDF report rendering can leak other users' reports
High | CVE-2024-52506 was published for org.graylog:graylog-parent (Maven) | Nov 18, 2024

A vulnerability in the Admin portal of Cisco Identity Services Engine (ISE) could allow an...
Moderate | Unreviewed | CVE-2020-3525 was published | Nov 18, 2024

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat. ...
High | Unreviewed | CVE-2024-45791 was published | Nov 18, 2024

A vulnerability in a debug function for Cisco RCM for Cisco StarOS Software could allow...
Moderate | Unreviewed | CVE-2022-20648 was published | Nov 15, 2024

The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce...
Moderate | Unreviewed | CVE-2024-8978 was published | Nov 15, 2024

The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce...
High | Unreviewed | CVE-2024-8979 was published | Nov 15, 2024

In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability...
Critical | Unreviewed | CVE-2024-3501 was published | Nov 14, 2024

In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability...
Critical | Unreviewed | CVE-2024-3502 was published | Nov 14, 2024

VaeMendis - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
High | Unreviewed | CVE-2024-47915 was published | Nov 14, 2024

Moodle IDOR when accessing list of badge recipients
Moderate | CVE-2024-48900 was published for moodle/moodle (Composer) | Nov 13, 2024

Improper access control in the Password History feature in Devolutions DVLS 2024.3.6 and earlier...
Unknown | Unreviewed | CVE-2024-10971 was published | Nov 12, 2024