Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,051
Erlang
29
GitHub Actions
19
Go
1,887
Maven
5,000+
npm
3,602
NuGet
638
pip
3,205
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

8,767 advisories

Loading
The Big File Uploads – Increase Maximum File Upload Size plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2024-8538 was published Sep 7, 2024
Exposure of debug and metrics endpoints in Pomerium Moderate
CVE-2022-24797 was published for github.com/pomerium/pomerium (Go) Sep 6, 2024
gnark's Groth16 commitment extension unsound for more than one commitment Moderate
CVE-2024-45039 was published for github.com/consensys/gnark (Go) Sep 6, 2024
maltezellic ivokub
gnark commitments to private witnesses in Groth16 as implemented break zero-knowledge property Moderate
CVE-2024-45040 was published for github.com/consensys/gnark (Go) Sep 6, 2024
maltezellic
D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to Information Disclosure. The device allows... High Unreviewed
CVE-2024-44408 was published Sep 6, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ariva Computer Accord... Critical Unreviewed
CVE-2024-1744 was published Sep 6, 2024
The Remember Me Controls plugin for WordPress is vulnerable to Full Path Disclosure in all... Moderate Unreviewed
CVE-2024-7415 was published Sep 6, 2024
A vulnerability, which was classified as problematic, was found in D-Link DNS-320 2.02b01. This... Moderate Unreviewed
CVE-2024-8461 was published Sep 5, 2024
A vulnerability, which was classified as problematic, has been found in D-Link DNS-320 2.02b01.... Moderate Unreviewed
CVE-2024-8460 was published Sep 5, 2024
The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Information... Moderate Unreviewed
CVE-2024-6835 was published Sep 5, 2024
A vulnerability in Cisco Duo Epic for Hyperdrive could allow an authenticated, local attacker to... Moderate Unreviewed
CVE-2024-20503 was published Sep 4, 2024
A sensitive information disclosure vulnerability exists in ZZCMS v.2023 and before within the... Moderate Unreviewed
CVE-2024-44820 was published Sep 4, 2024
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Sensitive... Moderate Unreviewed
CVE-2024-8106 was published Sep 4, 2024
Access control vulnerability in the camera framework module Impact: Successful exploitation of... Moderate Unreviewed
CVE-2024-45447 was published Sep 4, 2024
Permission control vulnerability in the software update module. Impact: Successful exploitation... Moderate Unreviewed
CVE-2024-45450 was published Sep 4, 2024
Hoverfly allows an arbitrary file read in the `/api/v2/simulation` endpoint (`GHSL-2023-274`) High
CVE-2024-45388 was published for github.com/spectolabs/hoverfly (Go) Sep 3, 2024
pwntester
The Bare Metal Operator (BMO) can expose particularly named secrets from other namespaces via BMH CRD Moderate
CVE-2024-43803 was published for github.com/metal3-io/baremetal-operator (Go) Sep 3, 2024
Tina search token leak via lock file in TinaCMS High
CVE-2024-45391 was published for @tinacms/cli (npm) Sep 3, 2024
kldavis4 mattsbennett
Hwameistor Potential Permission Leakage of Cluster Level Low
CVE-2024-45054 was published for github.com/hwameistor/hwameistor (Go) Aug 29, 2024
younaman
OpenTelemetry Collector module AWS Firehose Receiver Authentication Bypass Vulnerability Moderate
CVE-2024-45043 was published for github.com/open-telemetry/opentelemetry-collector-contrib/receiver/awsfirehosereceiver (Go) Aug 29, 2024
DouglasHeriot Aneurysm9
arminru
The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all... Moderate Unreviewed
CVE-2024-2541 was published Aug 29, 2024
The Premium SEO Pack – WP SEO Plugin plugin for WordPress is vulnerable to Sensitive Information... Moderate Unreviewed
CVE-2024-3679 was published Aug 29, 2024
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Full... Moderate Unreviewed
CVE-2024-6551 was published Aug 29, 2024
The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for... Moderate Unreviewed
CVE-2024-7418 was published Aug 29, 2024
A vulnerability identified in NetIQ Advance Authentication that leaks sensitive server... Moderate Unreviewed
CVE-2021-22529 was published Aug 28, 2024
ProTip! Advisories are also available from the GraphQL API