GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
40 advisories
Filter by severity
Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 ...
Moderate
Unreviewed
CVE-2024-6747
was published
Oct 10, 2024
The goTenna Pro broadcast key name is always sent unencrypted and could reveal the location of...
Moderate
Unreviewed
CVE-2024-47128
was published
Sep 26, 2024
An issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6...
Moderate
Unreviewed
CVE-2023-3399
was published
Nov 6, 2023
An issue has been discovered in GitLab affecting all versions starting from 11.3 before 16.4.3,...
Moderate
Unreviewed
CVE-2023-3949
was published
Dec 1, 2023
A sensitive information leak issue has been discovered in GitLab EE affecting all versions...
Moderate
Unreviewed
CVE-2023-3102
was published
Jul 21, 2023
An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29...
Moderate
Unreviewed
CVE-2023-1401
was published
Jul 26, 2023
An issue has been discovered in GitLab EE affecting all versions starting from 14.1 before 16.0.8...
Moderate
Unreviewed
CVE-2023-4002
was published
Aug 4, 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16...
Moderate
Unreviewed
CVE-2023-4378
was published
Sep 1, 2023
An issue has been discovered in GitLab EE affecting all versions starting from 15.7 before 15.10...
Moderate
Unreviewed
CVE-2023-1825
was published
Jun 7, 2023
goTenna Pro ATAK Plugin by default enables frequent unencrypted
Position, Location and...
Moderate
Unreviewed
CVE-2024-43814
was published
Sep 26, 2024
The goTenna Pro ATAK Plugin broadcast key name is always sent unencrypted and could reveal the...
Moderate
Unreviewed
CVE-2024-41931
was published
Sep 26, 2024
Pomerium exposed OAuth2 access and ID tokens in user info endpoint response
Moderate
CVE-2024-39315
was published
for
github.com/pomerium/pomerium
(Go)
Jul 5, 2024
SiteGuard WP Plugin provides a functionality to customize the path to the login page wp-login.php...
Moderate
Unreviewed
CVE-2024-37881
was published
Jun 19, 2024
A “CWE-201: Insertion of Sensitive Information Into Sent Data” affecting the administrative...
Moderate
Unreviewed
CVE-2024-31200
was published
Jul 31, 2024
Exposure of Sensitive Information to an Unauthorized Actor and Insertion of Sensitive Information Into Sent Data in Calico
Moderate
CVE-2020-13597
was published
for
github.com/projectcalico/calico
(Go)
Feb 15, 2022
Eclipse Dataspace Components vulnerable to OAuth2 client secret disclosure
Moderate
CVE-2024-4536
was published
for
org.eclipse.edc:connector-core
(Maven)
May 7, 2024
Sensitive query parameters logged by default in OpenTelemetry.Instrumentation http and AspNetCore
Moderate
CVE-2024-32028
was published
for
OpenTelemetry.Instrumentation.AspNetCore
(NuGet)
Apr 12, 2024
An information disclosure vulnerability exists in the CtEnumCa() functionality of SoftEther VPN 4...
Moderate
Unreviewed
CVE-2023-32275
was published
Oct 12, 2023
libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided...
Moderate
Unreviewed
CVE-2022-27779
was published
Jun 3, 2022
An information exposure vulnerability exists in gitlab.com <v12.3.2, <v12.2.6, and <v12.1.10 when...
Moderate
Unreviewed
CVE-2019-15580
was published
May 24, 2022
In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the "password"...
Moderate
Unreviewed
CVE-2024-28173
was published
Mar 6, 2024
The Account Settings page in Liferay Portal 7.4.3.76 through 7.4.3.99, and Liferay DXP 2023.Q3...
Moderate
Unreviewed
CVE-2024-26270
was published
Feb 20, 2024
Information disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2,...
Moderate
Unreviewed
CVE-2024-25150
was published
Feb 20, 2024
An information disclosure vulnerability exists in the challenge functionality of instipod...
Moderate
Unreviewed
CVE-2023-49594
was published
Dec 23, 2023
Remote Memory Exposure in mongoose
Moderate
GHSA-r5xw-q988-826m
was published
for
mongoose
(npm)
Sep 1, 2020
ProTip!
Advisories are also available from the
GraphQL API