Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,760
NuGet
678
pip
3,446
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

436 advisories

Loading
The leakage of channel access token in best_training_member Line 13.6.1 allows remote attackers... Moderate Unreviewed
CVE-2023-47369 was published Nov 9, 2023
The leakage of channel access token in bluetrick Line 13.6.1 allows remote attackers to send... Moderate Unreviewed
CVE-2023-47370 was published Nov 9, 2023
The leakage of channel access token in UPDATESALON C-LOUNGE Line 13.6.1 allows remote attackers... Moderate Unreviewed
CVE-2023-47372 was published Nov 9, 2023
The leakage of channel access token in craft_members Line 13.6.1 allows remote attackers to send... Moderate Unreviewed
CVE-2023-47366 was published Nov 9, 2023
The leakage of channel access token in platinum clinic Line 13.6.1 allows remote attackers to... Moderate Unreviewed
CVE-2023-47367 was published Nov 9, 2023
The leakage of channel access token in DRAGON FAMILY Line 13.6.1 allows remote attackers to send... Moderate Unreviewed
CVE-2023-47373 was published Nov 9, 2023
Weak ciphers in Softing smartLink SW-HT before 1.30 are enabled during secure communication (SSL). Moderate Unreviewed
CVE-2022-48193 was published Nov 6, 2023
The leakage of channel access token in nagaoka taxi Line 13.6.1 allows remote attackers to send... Moderate Unreviewed
CVE-2023-47364 was published Nov 9, 2023
The leakage of channel access token in Lil.OFF-PRICE STORE Line 13.6.1 allows remote attackers to... Moderate Unreviewed
CVE-2023-47365 was published Nov 9, 2023
The leakage of channel access token in F.B.P members Line 13.6.1 allows remote attackers to send... Moderate Unreviewed
CVE-2023-47363 was published Nov 9, 2023
esptool allows attackers to view sensitive information via weak cryptographic algorithm High
CVE-2023-46894 was published for esptool (pip) Nov 9, 2023
HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when... Unknown Unreviewed
CVE-2023-2197 was published Jul 6, 2023
Dgraph Audit Log Encryption Vulnerability Moderate
CVE-2023-31135 was published for github.com/dgraph-io/dgraph (Go) May 17, 2023
HakuPiku joshua-goldstein
skrdgraph
Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by... Critical Unreviewed
CVE-2022-45141 was published Mar 7, 2023
Zabbix before 5.0 represents passwords in the users table with unsalted MD5. Moderate Unreviewed
CVE-2013-7484 was published May 5, 2022
A reordering issue exists in Telegram before 7.8.1 for Android, Telegram before 7.8.3 for iOS,... Moderate Unreviewed
CVE-2021-36769 was published May 24, 2022
The user identification mechanism used by CyberArk Credential Provider prior to 12.1 is... Moderate Unreviewed
CVE-2021-31797 was published May 24, 2022
The fingerprint module has a security risk of brute force cracking. Successful exploitation of... Moderate Unreviewed
CVE-2021-40006 was published Jan 11, 2022
Certain NETGEAR devices are affected by weak cryptography. This affects D7000v2 before 1.0.0.62,... Critical Unreviewed
CVE-2021-45512 was published Dec 27, 2021
In NetBSD through 9.2, the IPv6 fragment ID generation algorithm employs a weak cryptographic PRNG. High Unreviewed
CVE-2021-45484 was published Dec 26, 2021
In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment... Moderate Unreviewed
CVE-2021-37540 was published May 24, 2022
In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data. Moderate Unreviewed
CVE-2021-37588 was published May 24, 2022
In JetBrains WebStorm before 2021.1, HTTP requests were used instead of HTTPS. High Unreviewed
CVE-2021-31898 was published May 24, 2022
usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism. High Unreviewed
CVE-2021-27885 was published May 24, 2022
An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the insecure rand() function... Moderate Unreviewed
CVE-2021-23126 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database