GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
315 advisories
Filter by severity
Passbolt Api Retrieval of HTTP-only cookies
Low
GHSA-f5pp-pmq8-gp46
was published
for
passbolt/passbolt_api
(Composer)
May 20, 2024
Grafana User enumeration via forget password
High
CVE-2022-39307
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of...
Critical
Unreviewed
CVE-2024-28285
was published
May 14, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote attacker to obtain...
Low
Unreviewed
CVE-2023-23474
was published
May 3, 2024
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
High
Unreviewed
CVE-2024-28939
was published
Apr 9, 2024
In the Linux kernel, the following vulnerability has been resolved:
spi: spi-fsl-dspi: Fix a...
Moderate
Unreviewed
CVE-2021-47161
was published
Mar 25, 2024
.NET Framework Information Disclosure Vulnerability
High
Unreviewed
CVE-2024-29059
was published
Mar 23, 2024
IBM Security Verify Directory 10.0.0 could allow a remote attacker to obtain sensitive...
Low
Unreviewed
CVE-2022-32756
was published
Mar 22, 2024
A vulnerability was found in Nway Pro 9. It has been rated as problematic. Affected by this issue...
Moderate
Unreviewed
CVE-2024-2009
was published
Feb 29, 2024
Apache Superset: Improper error handling on alerts
Moderate
CVE-2024-27315
was published
for
apache-superset
(pip)
Feb 28, 2024
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product...
Moderate
Unreviewed
CVE-2024-21866
was published
Feb 2, 2024
An email address enumeration vulnerability exists in the password reset function of SEO Panel...
Moderate
Unreviewed
CVE-2024-22646
was published
Jan 30, 2024
A Missing Authentication for Critical Function vulnerability combined with a Generation of Error...
Moderate
Unreviewed
CVE-2024-21619
was published
Jan 26, 2024
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an...
Moderate
Unreviewed
CVE-2023-47152
was published
Jan 22, 2024
Exposure of sensitive information in ClickHouse
High
CVE-2024-23689
was published
for
com.clickhouse:clickhouse-client
(Maven)
Jan 19, 2024
Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information
Moderate
CVE-2024-21733
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jan 19, 2024
Generation of Error Message Containing Sensitive Information vulnerability in Hitachi Device...
Moderate
Unreviewed
CVE-2023-49107
was published
Jan 16, 2024
Windows TCP/IP Information Disclosure Vulnerability
Moderate
Unreviewed
CVE-2024-21313
was published
Jan 9, 2024
@backstage/backend-app-api leaks GitLab access tokens
High
CVE-2023-6944
was published
for
@backstage/backend-app-api
(npm)
Jan 4, 2024
HCL Launch could allow a remote attacker to obtain sensitive information when a detailed...
Moderate
Unreviewed
CVE-2023-45701
was published
Dec 28, 2023
ONTAP Mediator versions prior to 1.7 are susceptible to a
vulnerability that can allow an...
Moderate
Unreviewed
CVE-2023-27319
was published
Dec 22, 2023
IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to obtain sensitive...
Moderate
Unreviewed
CVE-2023-47703
was published
Dec 20, 2023
IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2...
Moderate
Unreviewed
CVE-2023-42013
was published
Dec 20, 2023
Due to improper error handling, a REST API resource could expose a server side error containing...
Moderate
Unreviewed
CVE-2023-6839
was published
Dec 15, 2023
Kaifa Technology WebITR is an online attendance system. A remote attacker with regular user...
Moderate
Unreviewed
CVE-2023-48393
was published
Dec 15, 2023
ProTip!
Advisories are also available from the
GraphQL API