GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
507 advisories
Filter by severity
NASA AIT-Core vulnerable to remote code execution
Critical
CVE-2024-35059
was published
for
ait-core
(pip)
May 21, 2024
Toshiba printers will display the password of the admin user in clear-text and additional...
Moderate
Unreviewed
CVE-2024-27163
was published
Jun 14, 2024
Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper...
High
Unreviewed
CVE-2024-37393
was published
Jun 10, 2024
Secret file credentials stored unencrypted in rare cases by Plain Credentials Plugin
Moderate
CVE-2024-39459
was published
for
org.jenkins-ci.plugins:plain-credentials
(Maven)
Jun 26, 2024
Plain text credentials and session ID can be captured with a network sniffer.
Moderate
Unreviewed
CVE-2024-37183
was published
Jun 21, 2024
The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session....
High
Unreviewed
CVE-2024-5996
was published
Jun 14, 2024
Microsoft.Data.SqlClient and System.Data.SqlClient vulnerable to SQL Data Provider Security Feature Bypass
High
CVE-2024-0056
was published
for
Microsoft.Data.SqlClient
(NuGet)
Jan 9, 2024
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All...
Critical
Unreviewed
CVE-2024-30209
was published
May 14, 2024
NVIDIA ChatRTX for Windows contains a vulnerability in the ChatRTX UI and backend, where a user...
Moderate
Unreviewed
CVE-2024-0098
was published
May 14, 2024
Cleartext Transmission issue in ROS2 (Robot Operating System 2) Foxy Fitzroy, with ROS_VERSION=2...
Moderate
Unreviewed
CVE-2023-51201
was published
Jan 24, 2024
"IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information...
Moderate
Unreviewed
CVE-2022-38710
was published
Nov 4, 2022
Authorization bypass through user-controlled key vulnerability in MELSEC iQ-R series Safety CPU...
High
Unreviewed
CVE-2021-20599
was published
May 24, 2022
TYPO3 Information Disclosure Vulnerability
Moderate
CVE-2017-6370
was published
for
typo3/cms
(Composer)
May 13, 2022
In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic received
clear text. This could...
High
Unreviewed
CVE-2024-4161
was published
Apr 25, 2024
Windows Printing Service Spoofing Vulnerability
High
Unreviewed
CVE-2024-21406
was published
Feb 13, 2024
All versions of NetMan 204 could allow an unauthenticated remote attacker to read a file (config...
High
Unreviewed
CVE-2022-47892
was published
Oct 3, 2023
The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP ...
Critical
Unreviewed
CVE-2019-17393
was published
May 24, 2022
Atlassian Bitbucket Server from version 4.9.0 before version 7.2.4 allows remote attackers to...
Moderate
Unreviewed
CVE-2020-14171
was published
May 24, 2022
In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using...
High
Unreviewed
CVE-2022-42916
was published
Oct 29, 2022
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking...
High
Unreviewed
CVE-2021-22946
was published
May 24, 2022
Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure...
Moderate
Unreviewed
CVE-2022-30115
was published
Jun 3, 2022
dectalk-tts Uses Unencrypted HTTP Request
High
CVE-2024-31206
was published
for
dectalk-tts
(npm)
Apr 4, 2024
IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in environment...
High
Unreviewed
CVE-2023-38276
was published
Oct 22, 2023
IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in container...
High
Unreviewed
CVE-2023-38275
was published
Oct 22, 2023
ProTip!
Advisories are also available from the
GraphQL API