Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,468 advisories

Any authenticated user may obtain private message details from other users on the same instance High
CVE-2024-23649 was published for lemmy_server (Rust) Jan 24, 2024
Nothing4You
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SNP Digital SalesKing... High Unreviewed
CVE-2024-22154 was published Jan 24, 2024
Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem High
CVE-2024-23331 was published for vite (npm) Jan 19, 2024
dariushoule
JupyterLab vulnerable to potential authentication and CSRF tokens leak High
CVE-2024-22421 was published for jupyterlab (pip) Jan 19, 2024
davwwwx
Out-of-bounds access vulnerability in the device authentication module. Successful exploitation... High Unreviewed
CVE-2023-44112 was published Jan 16, 2024
The "tokenKey" value used in user authorization is visible in the HTML source of the login page. High Unreviewed
CVE-2023-49261 was published Jan 12, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Swings Coupon... High Unreviewed
CVE-2023-52190 was published Jan 8, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Naa986 WP Stripe... High Unreviewed
CVE-2023-52143 was published Jan 5, 2024
@backstage/backend-app-api leaks GitLab access tokens High
CVE-2023-6944 was published for @backstage/backend-app-api (npm) Jan 4, 2024
There is a possible information disclosure due to a missing permission check. This could lead to... High Unreviewed
CVE-2023-4164 was published Jan 3, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange... High Unreviewed
CVE-2022-44589 was published Dec 29, 2023
Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when... High Unreviewed
CVE-2023-50968 was published Dec 26, 2023
Sensitive data was added to our public-facing knowledgebase that, if exploited, could be used to... High Unreviewed
CVE-2023-40058 was published Dec 21, 2023
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HM Plugin WordPress... High Unreviewed
CVE-2023-48288 was published Dec 21, 2023
A potential security vulnerability has been identified with HP-UX System Management Homepage ... High Unreviewed
CVE-2023-50271 was published Dec 17, 2023
Solr search discloses password hashes of all users High
CVE-2023-50719 was published for org.xwiki.platform:xwiki-platform-search-solr-api (Maven) Dec 16, 2023
Potential CSV export data leak High
CVE-2023-50448 was published for activeadmin (RubyGems) Dec 15, 2023
emilong
An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version... High Unreviewed
CVE-2023-0248 was published Dec 14, 2023
Dell vApp Manager, versions prior to 9.2.4.x contain an information disclosure vulnerability. A... High Unreviewed
CVE-2023-48671 was published Dec 14, 2023
SAP GUI for Windows and SAP GUI for Java - versions SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757,... High Unreviewed
CVE-2023-49580 was published Dec 12, 2023
Microweber allows a remote attacker to obtain sensitive information via the HTTP GET method High
CVE-2023-48122 was published for microweber/microweber (Composer) Dec 8, 2023
github.com/ecies/go vulnerable to possible private key restoration High
CVE-2023-49292 was published for github.com/ecies/go/v2 (Go) Dec 5, 2023
Merricx savely-krasovsky
Information exposure in MLflow High
CVE-2023-43472 was published for mlflow (pip) Dec 5, 2023
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid... High Unreviewed
CVE-2023-40211 was published Nov 30, 2023
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ProfilePress... High Unreviewed
CVE-2023-44150 was published Nov 30, 2023
ProTip! Advisories are also available from the GraphQL API