GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
197 advisories
As a default user on a multi-user instance of AnythingLLM, you could execute a call to the `...
Critical | Unreviewed | CVE-2024-0765 was published | Mar 3, 2024

** UNSUPPORTED WHEN ASSIGNED ** Exposure of Sensitive Information to an Unauthorized Actor...
Critical | Unreviewed | CVE-2024-27905 was published | Feb 27, 2024

DIRAC's TokenManager does not check permissions on cached tokens
Critical | CVE-2024-24825 was published for DIRAC (pip) | Feb 8, 2024

Gradio Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Critical | CVE-2023-6572 was published for gradio (pip) | Dec 14, 2023

The Syrus4 IoT gateway utilizes an unsecured MQTT server to download and execute arbitrary...
Critical | Unreviewed | CVE-2023-6248 was published | Nov 22, 2023

An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1....
Critical | Unreviewed | CVE-2023-49103 was published | Nov 22, 2023

A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 older allows a threat actor with...
Critical | Unreviewed | CVE-2023-39337 was published | Nov 15, 2023

Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens
Critical | CVE-2023-43791 was published for label-studio (pip) | Nov 9, 2023

Json response for search reveals Solr credentials
Critical | GHSA-7crc-r3wg-cfgf was published for ezsystems/ezplatform-solr-search-engine (Composer) | Nov 3, 2023

Json response for search reveals Solr credentials
Critical | GHSA-v6xp-ccvx-w52m was published for ibexa/solr (Composer) | Nov 3, 2023

The Migration, Backup, Staging - WPvivid plugin for WordPress is vulnerable to Sensitive...
Critical | Unreviewed | CVE-2023-5576 was published | Oct 20, 2023

Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker to read from and write to...
Critical | Unreviewed | CVE-2023-5642 was published | Oct 18, 2023

Cache poisoning in drupal/core
Critical | CVE-2023-5256 was published for drupal/core (Composer) | Sep 28, 2023

SQLpage vulnerable to public exposure of database credentials
Critical | CVE-2023-42454 was published for sqlpage (Rust) | Sep 21, 2023

SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430,...
Critical | Unreviewed | CVE-2023-40622 was published | Sep 13, 2023

Argo CD cluster secret might leak in cluster details page
Critical | CVE-2023-40029 was published for github.com/argoproj/argo-cd/v2 (Go) | Sep 11, 2023

Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which...
Critical | Unreviewed | CVE-2023-0925 was published | Sep 6, 2023

tss-lib leaks secret keys in response to incorrectly constructed Paillier moduli
Critical | GHSA-h24c-6p6p-m3vx was published for github.com/bnb-chain/tss-lib (Go) | Sep 1, 2023

An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform ...
Critical | Unreviewed | CVE-2023-28765 was published | Jul 6, 2023

HGiga PowerStation has a vulnerability of Information Leakage. An unauthenticated remote attacker...
Critical | Unreviewed | CVE-2023-24838 was published | Jul 6, 2023

Input verification vulnerability in the AMS module. Successful exploitation of this vulnerability...
Critical | Unreviewed | CVE-2022-48510 was published | Jul 6, 2023

Vulnerability of incomplete read and write permission verification in the GPU module. Successful...
Critical | Unreviewed | CVE-2021-46891 was published | Jul 5, 2023

Key management vulnerability on system. Successful exploitation of this vulnerability may affect...
Critical | Unreviewed | CVE-2023-3455 was published | Jul 5, 2023

SAP GUI for Windows - version 7.70, 8.0, allows an unauthorized attacker to gain NTLM...
Critical | Unreviewed | CVE-2023-32113 was published | May 9, 2023

angular-server-side-configuration information disclosure vulnerability in monorepo with node.js backend
Critical | CVE-2023-28444 was published for angular-server-side-configuration (npm) | Mar 24, 2023