Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

256 advisories

Loading
A privilege escalation vulnerability was discovered when Single Sign On (SSO) is enabled that... Moderate Unreviewed
CVE-2024-45101 was published Sep 13, 2024
IPMI credentials may be captured in XCC audit log entries when the account username length is 16... Moderate Unreviewed
CVE-2024-8059 was published Sep 13, 2024
IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies.... Moderate Unreviewed
CVE-2024-43180 was published Sep 13, 2024
Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an... Moderate Unreviewed
CVE-2024-41927 was published Sep 4, 2024
Information Disclosure in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with... Moderate Unreviewed
CVE-2024-31799 was published Aug 15, 2024
Microsoft Security Advisory CVE-2024-38167 | .NET Information Disclosure Vulnerability Moderate
CVE-2024-38167 was published for Microsoft.NetCore.App.Runtime.linux-arm (NuGet) Aug 13, 2024
Under certain circumstances exacqVision Web Services will not enforce secure web communications ... Moderate Unreviewed
CVE-2024-32864 was published Aug 1, 2024
Longse NVR (Network Video Recorder) model NVR3608PGE2W, as well as products based on this device,... Moderate Unreviewed
CVE-2024-5631 was published Jul 9, 2024
Secret file credentials stored unencrypted in rare cases by Plain Credentials Plugin Moderate
CVE-2024-39459 was published for org.jenkins-ci.plugins:plain-credentials (Maven) Jun 26, 2024
Plain text credentials and session ID can be captured with a network sniffer. Moderate Unreviewed
CVE-2024-37183 was published Jun 21, 2024
Toshiba printers will display the password of the admin user in clear-text and additional... Moderate Unreviewed
CVE-2024-27163 was published Jun 14, 2024
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions ... Moderate Unreviewed
CVE-2024-35210 was published Jun 11, 2024
NVIDIA ChatRTX for Windows contains a vulnerability in the ChatRTX UI and backend, where a user... Moderate Unreviewed
CVE-2024-0098 was published May 14, 2024
Puwell Cloud Tech Co, Ltd 360Eyes Pro v3.9.5.16(3090516) was discovered to transmit sensitive... Moderate Unreviewed
CVE-2024-28275 was published Apr 3, 2024
IBM Watson CP4D Data Stores 4.6.0, 4.6.1, 4.6.2, and 4.6.3 does not encrypt sensitive or critical... Moderate Unreviewed
CVE-2023-27291 was published Mar 3, 2024
IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3... Moderate Unreviewed
CVE-2023-47745 was published Mar 3, 2024
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3... Moderate Unreviewed
CVE-2023-42016 was published Feb 9, 2024
An attacker with access to the network where the affected devices are located could... Moderate Unreviewed
CVE-2023-40544 was published Feb 7, 2024
IBM PowerSC 1.3, 2.0, and 2.1 MFA does not implement the "HTTP Strict Transport Security" (HSTS)... Moderate Unreviewed
CVE-2023-50962 was published Feb 2, 2024
Cleartext Transmission issue in ROS2 (Robot Operating System 2) Foxy Fitzroy, with ROS_VERSION=2... Moderate Unreviewed
CVE-2023-51201 was published Jan 24, 2024
Meross MSH30Q 4.5.23 is vulnerable to Cleartext Transmission of Sensitive Information. During the... Moderate Unreviewed
CVE-2023-46889 was published Jan 23, 2024
Cleartext Transmission during initial setup in Shelly TRV 20220811-15234 v.2.1.8 allows a local... Moderate Unreviewed
CVE-2023-42144 was published Jan 23, 2024
The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth Glucose Monitoring System,... Moderate Unreviewed
CVE-2023-46447 was published Jan 20, 2024
A vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior... Moderate Unreviewed
CVE-2023-6094 was published Dec 31, 2023
Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user... Moderate Unreviewed
CVE-2023-34829 was published Dec 28, 2023
ProTip! Advisories are also available from the GraphQL API