GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,996
Erlang
29
GitHub Actions
16
Go
1,782
Maven
5,000+
npm
3,545
NuGet
620
pip
3,136
Pub
10
RubyGems
838
Rust
795
Swift
34
Unreviewed advisories
All unreviewed
5,000+
10,734 advisories
Filter by severity
Honeywell PC42t, PC42tp, and PC42d Printers, T10.19.020016 to T10.20.060398, contain a cross-site...
Low
Unreviewed
CVE-2024-6620
was published
Jul 29, 2024
A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as...
Low
Unreviewed
CVE-2024-7155
was published
Jul 28, 2024
An improper validation vulnerability was reported in the Lenovo Tab K10 that could allow a...
Low
Unreviewed
CVE-2024-4786
was published
Jul 26, 2024
XMP Toolkit's `XmpFile::close` can trigger undefined behavior
Low
GHSA-66fw-43h8-f8p3
was published
for
xmp_toolkit
(Rust)
Jul 26, 2024
The kstring integration in gix-attributes is unsound
Low
GHSA-cx7h-h87r-jpgr
was published
for
gix-attributes
(Rust)
Jul 25, 2024
In affected versions of Octopus Server under certain conditions, a user with specific role...
Low
Unreviewed
CVE-2024-4811
was published
Jul 25, 2024
An information disclosure vulnerability in GitLab CE/EE in project/group exports affecting all...
Low
Unreviewed
CVE-2024-7060
was published
Jul 25, 2024
A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior...
Low
Unreviewed
CVE-2024-0231
was published
Jul 25, 2024
There is a low severity open redirect vulnerability within affected versions of Bitbucket Data...
Low
Unreviewed
CVE-2024-21684
was published
Jul 24, 2024
IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user...
Low
Unreviewed
CVE-2024-37533
was published
Jul 24, 2024
An implementation issue in the Connectivity Standards Alliance Matter 1.2 protocol as used in the...
Low
Unreviewed
CVE-2024-3454
was published
Jul 24, 2024
In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time
Low
Unreviewed
CVE-2024-41828
was published
Jul 22, 2024
In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space...
Low
Unreviewed
CVE-2024-41829
was published
Jul 22, 2024
In JetBrains TeamCity before 2024.07 stored XSS was possible on Show Connection page
Low
Unreviewed
CVE-2024-41826
was published
Jul 22, 2024
Ankitects Anki LaTeX Blocklist Bypass vulnerability
Low
CVE-2024-32152
was published
for
anki
(pip)
Jul 22, 2024
The WP Mail SMTP plugin for WordPress is vulnerable to information exposure in all versions up to...
Low
Unreviewed
CVE-2024-6694
was published
Jul 20, 2024
[PUNCIA] [CWE-319] Cleartext Transmission of Sensitive Information via HTTP urls in `API_URLS`
Low
CVE-2024-41124
was published
for
puncia
(pip)
Jul 19, 2024
Apache CXF allows unrestricted memory consumption in CXF HTTP clients
Low
CVE-2024-41172
was published
for
org.apache.cxf:cxf-rt-transports-http
(Maven)
Jul 19, 2024
HCL Nomad server on Domino is vulnerable to the cache containing sensitive information which...
Low
Unreviewed
CVE-2024-30130
was published
Jul 19, 2024
Failure to properly synchronize user's permissions in UAA in Cloud Foundry Foundation v40.17.0...
Low
Unreviewed
CVE-2024-38806
was published
Jul 18, 2024
Sentry's Python SDK unintentionally exposes environment variables to subprocesses
Low
CVE-2024-40647
was published
for
sentry-sdk
(pip)
Jul 18, 2024
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2...
Low
Unreviewed
CVE-2023-42010
was published
Jul 17, 2024
Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and OpManager Enterprise Edition...
Low
Unreviewed
CVE-2024-38870
was published
Jul 17, 2024
vodozemac's usage of non-constant time base64 decoder could lead to leakage of secret key material
Low
CVE-2024-40640
was published
for
vodozemac
(Rust)
Jul 17, 2024
Steeltoe Leaks Basic Auth Credentials to Logs After Fetch Registry Error
Low
CVE-2024-40636
was published
for
Steeltoe.Discovery.ClientAutofac
(NuGet)
Jul 17, 2024
ProTip!
Advisories are also available from the
GraphQL API