Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,991
Erlang
29
GitHub Actions
16
Go
1,779
Maven
5,000+
npm
3,544
NuGet
619
pip
3,134
Pub
10
RubyGems
838
Rust
793
Swift
34
Unreviewed advisories
All unreviewed
5,000+

10,730 advisories

Loading
The kstring integration in gix-attributes is unsound Low
GHSA-cx7h-h87r-jpgr was published for gix-attributes (Rust) Jul 25, 2024
In affected versions of Octopus Server under certain conditions, a user with specific role... Low Unreviewed
CVE-2024-4811 was published Jul 25, 2024
An information disclosure vulnerability in GitLab CE/EE in project/group exports affecting all... Low Unreviewed
CVE-2024-7060 was published Jul 25, 2024
A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior... Low Unreviewed
CVE-2024-0231 was published Jul 25, 2024
There is a low severity open redirect vulnerability within affected versions of Bitbucket Data... Low Unreviewed
CVE-2024-21684 was published Jul 24, 2024
IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user... Low Unreviewed
CVE-2024-37533 was published Jul 24, 2024
An implementation issue in the Connectivity Standards Alliance Matter 1.2 protocol as used in the... Low Unreviewed
CVE-2024-3454 was published Jul 24, 2024
In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time Low Unreviewed
CVE-2024-41828 was published Jul 22, 2024
In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space... Low Unreviewed
CVE-2024-41829 was published Jul 22, 2024
In JetBrains TeamCity before 2024.07 stored XSS was possible on Show Connection page Low Unreviewed
CVE-2024-41826 was published Jul 22, 2024
Ankitects Anki LaTeX Blocklist Bypass vulnerability Low
CVE-2024-32152 was published for anki (pip) Jul 22, 2024
The WP Mail SMTP plugin for WordPress is vulnerable to information exposure in all versions up to... Low Unreviewed
CVE-2024-6694 was published Jul 20, 2024
[PUNCIA] [CWE-319] Cleartext Transmission of Sensitive Information via HTTP urls in `API_URLS` Low
CVE-2024-41124 was published for puncia (pip) Jul 19, 2024
SCH227 g147
Apache CXF allows unrestricted memory consumption in CXF HTTP clients Low
CVE-2024-41172 was published for org.apache.cxf:cxf-rt-transports-http (Maven) Jul 19, 2024
HCL Nomad server on Domino is vulnerable to the cache containing sensitive information which... Low Unreviewed
CVE-2024-30130 was published Jul 19, 2024
Failure to properly synchronize user's permissions in UAA in Cloud Foundry Foundation v40.17.0... Low Unreviewed
CVE-2024-38806 was published Jul 18, 2024
Sentry's Python SDK unintentionally exposes environment variables to subprocesses Low
CVE-2024-40647 was published for sentry-sdk (pip) Jul 18, 2024
kmichel-aiven
Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and OpManager Enterprise Edition... Low Unreviewed
CVE-2024-38870 was published Jul 17, 2024
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2... Low Unreviewed
CVE-2023-42010 was published Jul 17, 2024
vodozemac's usage of non-constant time base64 decoder could lead to leakage of secret key material Low
CVE-2024-40640 was published for vodozemac (Rust) Jul 17, 2024
Steeltoe Leaks Basic Auth Credentials to Logs After Fetch Registry Error Low
CVE-2024-40636 was published for Steeltoe.Discovery.ClientAutofac (NuGet) Jul 17, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11... Low Unreviewed
CVE-2024-6595 was published Jul 17, 2024
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The... Low Unreviewed
CVE-2024-21151 was published Jul 17, 2024
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ... Low Unreviewed
CVE-2024-21164 was published Jul 17, 2024
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are... Low Unreviewed
CVE-2024-21174 was published Jul 17, 2024
ProTip! Advisories are also available from the GraphQL API