Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

8,908 advisories

Loading
Mattermost versions 10.0.x <= 10.0.0 and 9.11.x <= 9.11.2 fail to properly query ElasticSearch... Moderate Unreviewed
CVE-2024-52032 was published Nov 9, 2024
The Magical Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information... Moderate Unreviewed
CVE-2024-10352 was published Nov 9, 2024
The Quform - WordPress Form Builder plugin for WordPress is vulnerable to Sensitive Information... Moderate Unreviewed
CVE-2024-8756 was published Nov 9, 2024
The CE21 Suite plugin for WordPress is vulnerable to sensitive information disclosure via the... Critical Unreviewed
CVE-2024-10285 was published Nov 9, 2024
Dell PowerProtect DD, versions prior to 7.7.5.50, contains an Exposure of Sensitive Information... Low Unreviewed
CVE-2024-48011 was published Nov 8, 2024
A vulnerability classified as problematic was found in emqx neuron up to 2.10.0. Affected by this... Moderate Unreviewed
CVE-2024-10965 was published Nov 7, 2024
Symfony allows internal address and port enumeration by NoPrivateNetworkHttpClient Low
CVE-2024-50342 was published for symfony/http-client (Composer) Nov 6, 2024
nicolas-grekas zozs
Gradio vulnerable to arbitrary file read with File and UploadButton components Moderate
CVE-2024-51751 was published for gradio (pip) Nov 6, 2024
ifratric
A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800... Moderate Unreviewed
CVE-2024-20445 was published Nov 6, 2024
A vulnerability in the logging component of Cisco Unified Communications Manager IM &amp;... Moderate Unreviewed
CVE-2024-20457 was published Nov 6, 2024
A vulnerability in the logging subsystem of Cisco Meeting Management could allow an authenticated... Moderate Unreviewed
CVE-2024-20507 was published Nov 6, 2024
A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the... High Unreviewed
CVE-2024-6861 was published Nov 6, 2024
A vulnerability classified as problematic has been found in D-Link DNS-320, DNS-320LW, DNS-325... Moderate Unreviewed
CVE-2024-10916 was published Nov 6, 2024
Exposure of secrets through system log in Jenkins Structs Plugin Low
CVE-2024-39458 was published for org.jenkins-ci.plugins:structs (Maven) Jun 26, 2024
A vulnerability was found in Foreman's loader macros introduced with report templates. These... Moderate Unreviewed
CVE-2024-8553 was published Oct 31, 2024
The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Basic... Moderate Unreviewed
CVE-2024-10084 was published Nov 6, 2024
Under certain conditions, through a request directed to the Waybox Enel X web management... Moderate Unreviewed
CVE-2023-29116 was published Nov 5, 2024
The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Sensitive... Moderate Unreviewed
CVE-2024-10329 was published Nov 5, 2024
System logs could be accessed through web management application due to a lack of access control.... Moderate Unreviewed
CVE-2023-29114 was published Nov 5, 2024
The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2024-10319 was published Nov 5, 2024
hornetq vulnerable to file overwrite, sensitive information disclosure High
CVE-2024-51127 was published for org.hornetq:hornetq-core-client (Maven) Nov 4, 2024
A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically... High Unreviewed
CVE-2024-5124 was published Jun 6, 2024
img_auth.php may leak private extension images into the public cache Moderate
CVE-2020-15005 was published for mediawiki/core (Composer) May 24, 2022
Rudloff
Moodle Authenticated LFI risk in some misconfigured shared hosting environments High
CVE-2024-34002 was published for moodle/moodle (Composer) May 31, 2024
Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions Moderate
CVE-2024-23445 was published for org.elasticsearch:elasticsearch (Maven) Jun 12, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database