Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

283 advisories

Loading
IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it... High Unreviewed
CVE-2023-22862 was published Jun 5, 2023
An issue in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physically proximate attacker to... High Unreviewed
CVE-2024-44815 was published Sep 10, 2024
OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized... High Unreviewed
CVE-2024-8777 was published Sep 16, 2024
Audit records for OpenAPI requests may include sensitive information. This could lead to... High Unreviewed
CVE-2023-6916 was published Apr 10, 2024
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8,... High Unreviewed
CVE-2024-28981 was published Sep 12, 2024
A series of related high-severity vulnerabilities, the most notable enabling remote code... High Unreviewed
CVE-2024-40710 was published Sep 7, 2024
Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated... High Unreviewed
CVE-2024-39818 was published Aug 14, 2024
The Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all... High Unreviewed
CVE-2024-7389 was published Aug 2, 2024
Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access... High Unreviewed
CVE-1999-0013 was published Apr 30, 2022
Insecure storage of the ICT MIFARE and DESFire encryption keys in the firmware binary allows... High Unreviewed
CVE-2024-29941 was published May 7, 2024
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It performs... High Unreviewed
CVE-2019-20470 was published May 24, 2022
Siklu TG Terragraph devices before 2.1.1 allow attackers to discover valid, randomly generated... High Unreviewed
CVE-2022-47037 was published Mar 18, 2024
An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25. Authentication to the... High Unreviewed
CVE-2020-11925 was published May 24, 2022
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an... High Unreviewed
CVE-2020-29583 was published May 24, 2022
The Avalara for Salesforce CPQ app before 7.0 for Salesforce allows attackers to read an API key.... High Unreviewed
CVE-2024-38453 was published Jul 3, 2024
The webserver utilizes basic authentication for its user login to the configuration interface. As... High Unreviewed
CVE-2023-41926 was published Jul 2, 2024
An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker... High Unreviewed
CVE-2021-40655 was published May 24, 2022
Insufficiently protected credentials in GE HealthCare EchoPAC products High Unreviewed
CVE-2024-27109 was published May 14, 2024
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to escalate their privileges due... High Unreviewed
CVE-2023-37400 was published Apr 19, 2024
A insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0... High Unreviewed
CVE-2023-41677 was published Apr 9, 2024
An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules High Unreviewed
CVE-2023-28089 was published Apr 25, 2023
In Vijeo Citect 7.30 and 7.40, and CitectSCADA 7.30 and 7.40, a vulnerability has been identified... High Unreviewed
CVE-2019-10981 was published May 24, 2022
Fleet before 2.1.2 allows exposure of SMTP credentials. High Unreviewed
CVE-2019-1020009 was published May 24, 2022
A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers... High Unreviewed
CVE-2023-5552 was published Oct 18, 2023
BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to... High Unreviewed
CVE-2022-44757 was published Oct 11, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database