Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

304 advisories

Loading
Duplicate Advisory: Juju leaks of the sensitive context ID High
GHSA-8c64-q78q-87r6 was published for github.com/juju/juju (Go) Jul 29, 2024 withdrawn
An implementation issue in the Connectivity Standards Alliance Matter 1.2 protocol as used in the... Low Unreviewed
CVE-2024-3454 was published Jul 24, 2024
IBM Sterling Partner Engagement Manager 6.2.2 could allow a local attacker to obtain sensitive... Moderate Unreviewed
CVE-2022-35640 was published Jul 17, 2024
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to... Moderate Unreviewed
CVE-2024-39737 was published Jul 15, 2024
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive... Moderate Unreviewed
CVE-2024-35119 was published Jun 30, 2024
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive... Moderate Unreviewed
CVE-2023-50953 was published Jun 30, 2024
IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a... Moderate Unreviewed
CVE-2024-35156 was published Jun 29, 2024
IBM MQ Console 9.3 LTS and 9.3 CD could disclose could allow a remote attacker to obtain... Moderate Unreviewed
CVE-2024-35155 was published Jun 28, 2024
Exposure of secrets through system log in Jenkins Structs Plugin Low
CVE-2024-39458 was published for org.jenkins-ci.plugins:structs (Maven) Jun 26, 2024
Generation of Error Message Containing Sensitive Information in zsa Moderate
CVE-2024-37162 was published for zsa (npm) Jun 6, 2024
tom-sherman
Argo-cd authenticated users can enumerate clusters by name Moderate
CVE-2024-36106 was published for github.com/argoproj/argo-cd (Go) Jun 6, 2024
crenshaw-dev pasha-codefresh
silverstripe/framework may disclose database credentials during connection failure Moderate
GHSA-m2hh-2m46-x6j5 was published for silverstripe/framework (Composer) May 28, 2024
github.com/huandu/facebook may expose access_token in error message. Low
CVE-2024-35232 was published for github.com/huandu/facebook/v2 (Go) May 24, 2024
seiyab
An issue was discovered in Italtel Embrace 1.6.4. The server does not properly handle application... Moderate Unreviewed
CVE-2024-31844 was published May 21, 2024
Passbolt Api Retrieval of HTTP-only cookies Low
GHSA-f5pp-pmq8-gp46 was published for passbolt/passbolt_api (Composer) May 20, 2024
Grafana User enumeration via forget password Moderate
CVE-2022-39307 was published for github.com/grafana/grafana (Go) May 14, 2024
A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of... Critical Unreviewed
CVE-2024-28285 was published May 14, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote attacker to obtain... Low Unreviewed
CVE-2023-23474 was published May 3, 2024
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability High Unreviewed
CVE-2024-28939 was published Apr 9, 2024
In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-dspi: Fix a... Moderate Unreviewed
CVE-2021-47161 was published Mar 25, 2024
.NET Framework Information Disclosure Vulnerability High Unreviewed
CVE-2024-29059 was published Mar 23, 2024
IBM Security Verify Directory 10.0.0 could allow a remote attacker to obtain sensitive... Low Unreviewed
CVE-2022-32756 was published Mar 22, 2024
A vulnerability was found in Nway Pro 9. It has been rated as problematic. Affected by this issue... Moderate Unreviewed
CVE-2024-2009 was published Feb 29, 2024
Apache Superset: Improper error handling on alerts Moderate
CVE-2024-27315 was published for apache-superset (pip) Feb 28, 2024
oscerd
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product... Moderate Unreviewed
CVE-2024-21866 was published Feb 2, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database