Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

507 advisories

Loading
NASA AIT-Core vulnerable to remote code execution Critical
CVE-2024-35059 was published for ait-core (pip) May 21, 2024
Toshiba printers will display the password of the admin user in clear-text and additional... Moderate Unreviewed
CVE-2024-27163 was published Jun 14, 2024
Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper... High Unreviewed
CVE-2024-37393 was published Jun 10, 2024
Secret file credentials stored unencrypted in rare cases by Plain Credentials Plugin Moderate
CVE-2024-39459 was published for org.jenkins-ci.plugins:plain-credentials (Maven) Jun 26, 2024
Plain text credentials and session ID can be captured with a network sniffer. Moderate Unreviewed
CVE-2024-37183 was published Jun 21, 2024
The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session.... High Unreviewed
CVE-2024-5996 was published Jun 14, 2024
Microsoft.Data.SqlClient and System.Data.SqlClient vulnerable to SQL Data Provider Security Feature Bypass High
CVE-2024-0056 was published for Microsoft.Data.SqlClient (NuGet) Jan 9, 2024
cheenamalhotra
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All... Critical Unreviewed
CVE-2024-30209 was published May 14, 2024
An unauthenticated remote attacker... High Unreviewed
CVE-2024-28134 was published May 14, 2024
NVIDIA ChatRTX for Windows contains a vulnerability in the ChatRTX UI and backend, where a user... Moderate Unreviewed
CVE-2024-0098 was published May 14, 2024
Cleartext Transmission issue in ROS2 (Robot Operating System 2) Foxy Fitzroy, with ROS_VERSION=2... Moderate Unreviewed
CVE-2023-51201 was published Jan 24, 2024
"IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information... Moderate Unreviewed
CVE-2022-38710 was published Nov 4, 2022
Authorization bypass through user-controlled key vulnerability in MELSEC iQ-R series Safety CPU... High Unreviewed
CVE-2021-20599 was published May 24, 2022
TYPO3 Information Disclosure Vulnerability Moderate
CVE-2017-6370 was published for typo3/cms (Composer) May 13, 2022
In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic received clear text. This could... High Unreviewed
CVE-2024-4161 was published Apr 25, 2024
Windows Printing Service Spoofing Vulnerability High Unreviewed
CVE-2024-21406 was published Feb 13, 2024
All versions of NetMan 204 could allow an unauthenticated remote attacker to read a file (config... High Unreviewed
CVE-2022-47892 was published Oct 3, 2023
The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP ... Critical Unreviewed
CVE-2019-17393 was published May 24, 2022
Atlassian Bitbucket Server from version 4.9.0 before version 7.2.4 allows remote attackers to... Moderate Unreviewed
CVE-2020-14171 was published May 24, 2022
In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using... High Unreviewed
CVE-2022-42916 was published Oct 29, 2022
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking... High Unreviewed
CVE-2021-22946 was published May 24, 2022
Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure... Moderate Unreviewed
CVE-2022-30115 was published Jun 3, 2022
dectalk-tts Uses Unencrypted HTTP Request High
CVE-2024-31206 was published for dectalk-tts (npm) Apr 4, 2024
AverageHelper JstnMcBrd
IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in environment... High Unreviewed
CVE-2023-38276 was published Oct 22, 2023
IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in container... High Unreviewed
CVE-2023-38275 was published Oct 22, 2023
ProTip! Advisories are also available from the GraphQL API