GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,869
Erlang
29
GitHub Actions
16
Go
1,717
Maven
4,951
npm
3,480
NuGet
605
pip
3,026
Pub
10
RubyGems
832
Rust
776
Swift
34
Unreviewed advisories
All unreviewed
5,000+
10,552 advisories
Filter by severity
Typo3 Information Disclosure in Page Tree
Low
GHSA-h934-f4m4-wc8x
was published
for
typo3/cms
(Composer)
Jun 5, 2024
Information Disclosure in TYPO3 CMS
Low
GHSA-c7p6-3c9c-f88q
was published
for
typo3/cms
(Composer)
Jun 5, 2024
Arbitrary JavaScript execution due to using outdated libraries
Low
GHSA-4m3g-6r7g-jv4f
was published
for
gradio_pdf
(pip)
Jun 5, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in All In One WP...
Low
Unreviewed
CVE-2023-52147
was published
Jun 4, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Webcraftic Hide login...
Low
Unreviewed
CVE-2023-48335
was published
Jun 4, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in David Vongries...
Low
Unreviewed
CVE-2023-49822
was published
Jun 4, 2024
Authentication Bypass by Spoofing vulnerability in wpdevart Coming soon and Maintenance mode...
Low
Unreviewed
CVE-2023-49741
was published
Jun 4, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPServeur,...
Low
Unreviewed
CVE-2023-49748
was published
Jun 4, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in LWS LWS Hide Login...
Low
Unreviewed
CVE-2023-47818
was published
Jun 4, 2024
Authentication Bypass by Spoofing vulnerability in WP Maintenance allows Accessing Functionality...
Low
Unreviewed
CVE-2023-47769
was published
Jun 4, 2024
Missing Authorization vulnerability in Event Espresso Event Espresso 4 Decaf allows Functionality...
Low
Unreviewed
CVE-2023-27437
was published
Jun 4, 2024
External Control of Assumed-Immutable Web Parameter vulnerability in WpDevArt Booking calendar,...
Low
Unreviewed
CVE-2023-24373
was published
Jun 4, 2024
SQL Injection in Harbor scan log API
Low
CVE-2024-22261
was published
for
github.com/goharbor/harbor
(Go)
Jun 2, 2024
Password confirmation stored in plain text via registration form in statamic/cms
Low
CVE-2024-36119
was published
for
statamic/cms
(Composer)
Jun 2, 2024
Slack integration leaks sensitive information in logs
Low
CVE-2024-35196
was published
for
sentry
(pip)
Jun 2, 2024
Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability
Low
CVE-2024-34715
was published
for
ethyca-fides
(pip)
May 29, 2024
Umbraco Forms components vulnerable to Stored Cross-site Scripting
Low
CVE-2024-35239
was published
for
Umbraco.Forms
(NuGet)
May 28, 2024
silverstripe/framework sends passwords back to browsers under some circumstances
Low
GHSA-vh7q-j8p5-2h4h
was published
for
silverstripe/framework
(Composer)
May 27, 2024
silverstripe/framework's pre-existing alc_enc cookies log users in if remember me is disabled
Low
GHSA-5r8w-66hq-rc39
was published
for
silverstripe/framework
(Composer)
May 27, 2024
silverstripe/framework password encryption salt not updated
Low
GHSA-f3wp-xpv2-6vmg
was published
for
silverstripe/framework
(Composer)
May 27, 2024
github.com/huandu/facebook may expose access_token in error message.
Low
CVE-2024-35232
was published
for
github.com/huandu/facebook/v2
(Go)
May 24, 2024
vxe-table Cross-site Scripting vulnerability
Low
CVE-2023-1001
was published
for
vxe-table
(npm)
May 24, 2024
Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs.
Low
Unreviewed
CVE-2024-29852
was published
May 23, 2024
Silverstripe admin XSS Vulnerability via WYSIWYG editor
Low
GHSA-779c-7w4p-2c4g
was published
for
silverstripe/admin
(Composer)
May 22, 2024
vantage6 collaboration admins can extend their influence by expanding the collaboration
Low
CVE-2024-32969
was published
for
vantage6
(pip)
May 22, 2024
ProTip!
Advisories are also available from the
GraphQL API