Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,347
Erlang
31
GitHub Actions
22
Go
2,117
Maven
5,000+
npm
3,768
NuGet
680
pip
3,457
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,665 advisories

Loading
RuoYi allowed unauthorized attackers to view the session ID of the admin in the system monitoring High
CVE-2024-57436 was published for com.ruoyi:ruoyi (Maven) Jan 29, 2025
A path traversal vulnerability exists in the Rockwell Automation DataEdge Platform DataMosaix... High Unreviewed
CVE-2025-0659 was published Jan 28, 2025
The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is... High Unreviewed
CVE-2024-13562 was published Jan 25, 2025
An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent... High Unreviewed
CVE-2024-43707 was published Jan 23, 2025
sniff_csv provides filesystem access even when enable_external_access is disabled in duckdb High
CVE-2024-41672 was published for duckdb (pip) Jan 21, 2025
zacMode
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that... High Unreviewed
CVE-2024-12142 was published Jan 17, 2025
Eugeny Tabby Sends Password Despite Host Key Verification Failure High
CVE-2024-48460 was published for tabby-ssh (npm) Jan 17, 2025
Information exposure in the PMB platform affecting versions 4.2.13 and earlier. This... High Unreviewed
CVE-2025-0472 was published Jan 16, 2025
Git Credential Manager carriage-return character in remote URL allows malicious repository to leak credentials High
CVE-2024-50338 was published for git-credential-manager (NuGet) Jan 14, 2025
An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid... High Unreviewed
CVE-2023-24010 was published Jan 9, 2025
An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid... High Unreviewed
CVE-2023-24012 was published Jan 9, 2025
An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid... High Unreviewed
CVE-2023-24011 was published Jan 9, 2025
fetch: Authorization headers not dropped when redirecting cross-origin High
CVE-2025-21620 was published for deno (Rust) Jan 6, 2025
rexxars
Priority – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor High Unreviewed
CVE-2024-47922 was published Dec 30, 2024
changedetection.io Vulnerable to Improper Input Validation Leading to LFR/Path Traversal High
CVE-2024-56509 was published for changedetection.io (pip) Dec 27, 2024
vicevirus
The s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member... High Unreviewed
CVE-2024-8326 was published Dec 17, 2024
Withdrawn Advisory: undertow: information leakage via HTTP/2 request header reuse High
CVE-2024-4109 was published for io.undertow:undertow-core (Maven) Dec 12, 2024 withdrawn
PQClean has a correctness error in HQC decapsulation High
GHSA-753p-wrj5-g8fj was published for pqcrypto-hqc (Rust) Dec 11, 2024
dgoudarzi SWilson4
Directus allows unauthenticated access to WebSocket events and operations High
CVE-2024-54151 was published for @directus/api (npm) Dec 9, 2024
SeanDylanGoff fishuke
Modified package published to npm, containing malware that exfiltrates private key material High
CVE-2024-54134 was published for @solana/web3.js (npm) Dec 4, 2024
Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated... High Unreviewed
CVE-2024-52323 was published Nov 27, 2024
Information disclosure due to uninitialized variable. High Unreviewed
CVE-2017-18306 was published Nov 26, 2024
Information disclosure possible while audio playback. High Unreviewed
CVE-2017-18307 was published Nov 26, 2024
An exposure of sensitive information vulnerability has been reported to affect QNAP AI Core. If... High Unreviewed
CVE-2024-38647 was published Nov 22, 2024
github.com/rancher/steve's users can issue watch commands for arbitrary resources High
CVE-2024-52280 was published for github.com/rancher/steve (Go) Nov 20, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database