Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

584 advisories

Loading
Minder GetRepositoryByName data leak Moderate
CVE-2024-31455 was published for github.com/stacklok/minder (Go) Apr 9, 2024
eleftherias
Vite's `server.fs.deny` did not deny requests for patterns with directories. Moderate
CVE-2024-31207 was published for vite (npm) Apr 3, 2024
jtmcdole
Eclipse Vert.x memory leak Moderate
CVE-2024-1023 was published for io.vertx:vertx-core (Maven) Mar 27, 2024
marcelstoer
Pimcore Preview Documents are not restricted to logged in users anymore Moderate
CVE-2024-29197 was published for pimcore/pimcore (Composer) Mar 26, 2024
rliebi pryserv
Storefront user can access history and most viewed data from matching back-office user with the same ID Moderate
CVE-2023-48296 was published for oro/customer-portal (Composer) Mar 25, 2024
Pinned entity creation form shows wrong data Moderate
CVE-2023-45824 was published for oro/platform (Composer) Mar 25, 2024
Information leakage in YAQL Moderate
CVE-2024-29156 was published for yaql (pip) Mar 18, 2024
Apache ZooKeeper vulnerable to information disclosure in persistent watchers handling Moderate
CVE-2024-23944 was published for org.apache.zookeeper:zookeeper (Maven) Mar 15, 2024
follow-redirects' Proxy-Authorization header kept across hosts Moderate
CVE-2024-28849 was published for follow-redirects (npm) Mar 14, 2024
4xpl0r3r RDIL
Helm shows secrets in clear text Moderate
CVE-2019-25210 was published for helm.sh/helm/v3 (Go) Mar 3, 2024
oscerd
Directus version number disclosure Moderate
CVE-2024-27296 was published for directus (npm) Mar 1, 2024
Mattermost leaks details of AD/LDAP groups of a teams Moderate
CVE-2024-23493 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 29, 2024
FullStackHero's WebAPI Boilerplate host header injection vulnerability Moderate
CVE-2024-26470 was published for FullStackHero.WebAPI.Boilerplate (NuGet) Feb 29, 2024
Apache Superset: Improper error handling on alerts Moderate
CVE-2024-27315 was published for apache-superset (pip) Feb 28, 2024
oscerd
Rails has possible Sensitive Session Information Leak in Active Storage Moderate
CVE-2024-26144 was published for activestorage (RubyGems) Feb 27, 2024
yoshizawa-masatoshi tyage
postmodern
sanitize-html Information Exposure vulnerability Moderate
CVE-2024-21501 was published for sanitize-html (npm) Feb 24, 2024
oscerd krassowski
TYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme Moderate
CVE-2024-25120 was published for typo3/cms-core (Composer) Feb 13, 2024
sushiwushi bnf
TYPO3 Install Tool vulnerable to Information Disclosure of Encryption Key Moderate
CVE-2024-25119 was published for typo3/cms-core (Composer) Feb 13, 2024
bnf
TYPO3 Backend Forms vulnerable to Information Disclosure of Hashed Passwords Moderate
CVE-2024-25118 was published for typo3/cms-core (Composer) Feb 13, 2024
lolli42 ohader
Apache Solr's Streaming Expressions allow users to extract data from other Solr Clouds Moderate
CVE-2023-50298 was published for org.apache.solr:solr-solrj (Maven) Feb 9, 2024
DanielRuf
NoneBot Potential Information Leak in User-Constructed Message Templates Moderate
CVE-2024-21624 was published for nonebot2 (pip) Feb 9, 2024
mnixry
containerd environment variable leak Moderate
CVE-2021-21334 was published for github.com/containerd/containerd (Go) Jan 31, 2024
Enumeration of users in HashiCorp Vault Moderate
CVE-2020-35177 was published for github.com/hashicorp/vault (Go) Jan 31, 2024
Grafana Arbitrary File Read Moderate
CVE-2019-19499 was published for github.com/grafana/grafana (Go) Jan 31, 2024
Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2023-44312 was published for github.com/apache/servicecomb-service-center (Go) Jan 31, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database