GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
432 advisories
Filter by severity
Apache Answer: Predictable Authorization Token Using UUIDv1
Low
CVE-2024-45719
was published
for
github.com/apache/incubator-answer
(Go)
Nov 22, 2024
Apache Tomcat - XSS in generated JSPs
Moderate
CVE-2024-52318
was published
for
org.apache.tomcat:tomcat-jasper
(Maven)
Nov 18, 2024
Apache Tomcat Request and/or response mix-up
Moderate
CVE-2024-52317
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Nov 18, 2024
Snowflake JDBC Security Advisory
Moderate
CVE-2024-43382
was published
for
net.snowflake:snowflake-jdbc
(Maven)
Oct 30, 2024
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800,...
Moderate
Unreviewed
CVE-2024-45259
was published
Oct 24, 2024
Nokia SR OS bof.cfg file encryption is vulnerable to a brute force attack. This weakness allows...
Low
Unreviewed
CVE-2023-6728
was published
Oct 17, 2024
An unauthenticated local attacker can decrypt the devices config file and therefore compromise...
High
Unreviewed
CVE-2024-45273
was published
Oct 15, 2024
Dozzle uses unsafe hash for passwords
Low
CVE-2024-47182
was published
for
github.com/amir20/dozzle
(Go)
Oct 9, 2024
An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive...
High
Unreviewed
CVE-2024-41594
was published
Oct 3, 2024
Portainer improperly uses an encryption algorithm in the AesEncrypt function
High
CVE-2024-33662
was published
for
github.com/portainer/portainer
(Go)
Oct 2, 2024
The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain...
High
Unreviewed
CVE-2024-8455
was published
Sep 30, 2024
OpenSlides 4.0.15 was discovered to be using a weak hashing algorithm to store passwords.
High
Unreviewed
CVE-2024-22892
was published
Sep 25, 2024
Apache Answer: Avatar URL leaked user email addresses
Moderate
CVE-2024-40761
was published
for
github.com/apache/incubator-answer
(Go)
Sep 25, 2024
Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability
High
CVE-2024-39928
was published
for
org.apache.linkis:linkis-engineplugin-spark
(Maven)
Sep 25, 2024
Insufficient or weak TLS protocol version identified in Advance authentication client server...
High
Unreviewed
CVE-2021-38121
was published
Aug 28, 2024
Inadequate encryption strength for some BMRA software before version 22.08 may allow an...
High
Unreviewed
CVE-2024-21787
was published
Aug 14, 2024
A vulnerability has been identified in Location Intelligence family (All versions < V4.4). The...
Moderate
Unreviewed
CVE-2024-41681
was published
Aug 13, 2024
Diffie-Hellman groups with insufficient strength are used in the SSL/TLS stack of B&R Automation...
High
Unreviewed
CVE-2024-5800
was published
Aug 12, 2024
Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow...
High
Unreviewed
CVE-2024-42163
was published
Aug 12, 2024
Inadequate Encryption Strength vulnerability allow an authenticated attacker to execute arbitrary...
High
Unreviewed
CVE-2024-21881
was published
Aug 12, 2024
The encryption strength of the authorization keys in CHANGING Information Technology TCBServiSign...
Moderate
Unreviewed
CVE-2024-40719
was published
Aug 2, 2024
Under certain circumstances the communication between exacqVision Client and exacqVision Server...
Critical
Unreviewed
CVE-2024-32758
was published
Aug 2, 2024
An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 before 7.6.1. It does not...
Moderate
Unreviewed
CVE-2024-37034
was published
Jul 27, 2024
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.64), SIPROTEC...
High
Unreviewed
CVE-2024-38867
was published
Jul 9, 2024
Moodle uses the same key for QR login and auto-login
Moderate
CVE-2024-38277
was published
for
moodle/moodle
(Composer)
Jun 18, 2024
ProTip!
Advisories are also available from the
GraphQL API