GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,468 advisories
A vulnerability of Information Exposure has been found on Technicolor CGA2121 affecting the...
High | Unreviewed | CVE-2024-3780 was published Apr 15, 2024

A potential security vulnerability has been identified in Web ViewPoint Enterprise software....
High | Unreviewed | CVE-2024-22435 was published Apr 15, 2024

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly...
High | Unreviewed | CVE-2024-29839 was published Apr 15, 2024

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly...
High | Unreviewed | CVE-2024-29841 was published Apr 15, 2024

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly...
High | Unreviewed | CVE-2024-29842 was published Apr 15, 2024

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly...
High | Unreviewed | CVE-2024-29843 was published Apr 15, 2024

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly...
High | Unreviewed | CVE-2024-29840 was published Apr 15, 2024

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Juniper Networks...
High | Unreviewed | CVE-2024-30381 was published Apr 12, 2024

Information exposure vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1...
High | Unreviewed | CVE-2024-2740 was published Apr 11, 2024

Contao: Possible cookie sharing with external domains while checking protected pages for broken links
High | CVE-2024-28235 was published for contao/core-bundle (Composer) Apr 9, 2024

Due to improper validation, SAP BusinessObject Business Intelligence Launch Pad allows an...
High | Unreviewed | CVE-2024-25646 was published Apr 9, 2024

Information exposure vulnerability in the CIGESv2 system. A remote attacker might be able to...
High | Unreviewed | CVE-2024-2725 was published Mar 22, 2024

An Information Exposure Vulnerability has been found on Meta4 HR. This vulnerability allows an...
High | Unreviewed | CVE-2024-2632 was published Mar 19, 2024

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-200: Exposure of Sensitive...
High | Unreviewed | CVE-2024-27769 was published Mar 18, 2024

Insecure Variable Substitution in Vela
High | CVE-2024-28236 was published for github.com/go-vela/worker (Go) Mar 14, 2024

This allows attackers to use a maliciously formed API request to gain access to an API...
High | Unreviewed | CVE-2024-1222 was published Mar 14, 2024

Information exposure vulnerability in Badger Meter Monitool affecting versions up to 4.6.3 and...
High | Unreviewed | CVE-2024-1302 was published Mar 12, 2024

CasaOS-UserService allows unauthorized access to any file
High | CVE-2024-24765 was published for github.com/IceWhaleTech/CasaOS-UserService (Go) Mar 6, 2024

Scrapy authorization header leakage on cross-domain redirect
High | CVE-2024-3574 was published for scrapy (pip) Feb 15, 2024

Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability
High | Unreviewed | CVE-2024-21380 was published Feb 13, 2024

TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler
High | CVE-2024-25121 was published for typo3/cms-core (Composer) Feb 13, 2024

Under certain circumstances IQ Panel4 and IQ4 Hub panel software prior to version 4.4.2 could...
High | Unreviewed | CVE-2024-0242 was published Feb 8, 2024

Liferay Portal vulnerable to user impersonation
High | CVE-2024-25148 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 8, 2024

Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability
High | CVE-2023-51437 was published for org.apache.pulsar:pulsar-broker-auth-sasl (Maven) Feb 7, 2024

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in InstaWP Team InstaWP...
High | Unreviewed | CVE-2024-23506 was published Jan 27, 2024