Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,869
Erlang
29
GitHub Actions
16
Go
1,717
Maven
4,951
npm
3,480
NuGet
605
pip
3,026
Pub
10
RubyGems
832
Rust
776
Swift
34
Unreviewed advisories
All unreviewed
5,000+

10,552 advisories

Typo3 Information Disclosure in Page Tree Low
GHSA-h934-f4m4-wc8x was published for typo3/cms (Composer) Jun 5, 2024
Information Disclosure in TYPO3 CMS Low
GHSA-c7p6-3c9c-f88q was published for typo3/cms (Composer) Jun 5, 2024
Arbitrary JavaScript execution due to using outdated libraries Low
GHSA-4m3g-6r7g-jv4f was published for gradio_pdf (pip) Jun 5, 2024
isacaya
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in All In One WP... Low Unreviewed
CVE-2023-52147 was published Jun 4, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Webcraftic Hide login... Low Unreviewed
CVE-2023-48335 was published Jun 4, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in David Vongries... Low Unreviewed
CVE-2023-49822 was published Jun 4, 2024
Authentication Bypass by Spoofing vulnerability in wpdevart Coming soon and Maintenance mode... Low Unreviewed
CVE-2023-49741 was published Jun 4, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPServeur,... Low Unreviewed
CVE-2023-49748 was published Jun 4, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in LWS LWS Hide Login... Low Unreviewed
CVE-2023-47818 was published Jun 4, 2024
Authentication Bypass by Spoofing vulnerability in WP Maintenance allows Accessing Functionality... Low Unreviewed
CVE-2023-47769 was published Jun 4, 2024
Missing Authorization vulnerability in Event Espresso Event Espresso 4 Decaf allows Functionality... Low Unreviewed
CVE-2023-27437 was published Jun 4, 2024
External Control of Assumed-Immutable Web Parameter vulnerability in WpDevArt Booking calendar,... Low Unreviewed
CVE-2023-24373 was published Jun 4, 2024
SQL Injection in Harbor scan log API Low
CVE-2024-22261 was published for github.com/goharbor/harbor (Go) Jun 2, 2024
Password confirmation stored in plain text via registration form in statamic/cms Low
CVE-2024-36119 was published for statamic/cms (Composer) Jun 2, 2024
Slack integration leaks sensitive information in logs Low
CVE-2024-35196 was published for sentry (pip) Jun 2, 2024
asottile asottile-sentry
Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability Low
CVE-2024-34715 was published for ethyca-fides (pip) May 29, 2024
tariqajyusuf pattisdr
Umbraco Forms components vulnerable to Stored Cross-site Scripting Low
CVE-2024-35239 was published for Umbraco.Forms (NuGet) May 28, 2024
RaphaelCSSilva
silverstripe/framework sends passwords back to browsers under some circumstances Low
GHSA-vh7q-j8p5-2h4h was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework's pre-existing alc_enc cookies log users in if remember me is disabled Low
GHSA-5r8w-66hq-rc39 was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework password encryption salt not updated Low
GHSA-f3wp-xpv2-6vmg was published for silverstripe/framework (Composer) May 27, 2024
github.com/huandu/facebook may expose access_token in error message. Low
CVE-2024-35232 was published for github.com/huandu/facebook/v2 (Go) May 24, 2024
seiyab
vxe-table Cross-site Scripting vulnerability Low
CVE-2023-1001 was published for vxe-table (npm) May 24, 2024
Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs. Low Unreviewed
CVE-2024-29852 was published May 23, 2024
Silverstripe admin XSS Vulnerability via WYSIWYG editor Low
GHSA-779c-7w4p-2c4g was published for silverstripe/admin (Composer) May 22, 2024
vantage6 collaboration admins can extend their influence by expanding the collaboration Low
CVE-2024-32969 was published for vantage6 (pip) May 22, 2024
ProTip! Advisories are also available from the GraphQL API