GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
517 advisories
Filter by severity
Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Information Disclosure. An information leak...
Moderate
Unreviewed
CVE-2024-40090
was published
Oct 21, 2024
Cleartext transmission of sensitive information in acep-collector service. The following products...
Moderate
Unreviewed
CVE-2024-49387
was published
Oct 15, 2024
An issue in YESCAM (com.yescom.YesCam.zwave) 1.0.2 allows a remote attacker to obtain sensitive...
High
Unreviewed
CVE-2024-48788
was published
Oct 11, 2024
A flaw was found in Event-Driven Automation (EDA) in Ansible Automation Platform (AAP), which...
Moderate
Unreviewed
CVE-2024-9620
was published
Oct 8, 2024
** UNSUPPORTED WHEN ASSIGNED ** This vulnerability exists in D3D Security IP Camera due to usage...
High
Unreviewed
CVE-2024-47789
was published
Oct 4, 2024
The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 discloses...
High
Unreviewed
CVE-2024-7713
was published
Sep 27, 2024
The goTenna Pro ATAK Plugin does not encrypt the callsigns of its users.
These callsigns reveal...
Low
Unreviewed
CVE-2024-45838
was published
Sep 26, 2024
The goTenna pro series does not encrypt the callsigns of its users. These callsigns reveal...
Low
Unreviewed
CVE-2024-47124
was published
Sep 26, 2024
A privilege escalation vulnerability was discovered when Single Sign On (SSO) is enabled that...
Moderate
Unreviewed
CVE-2024-45101
was published
Sep 13, 2024
IPMI credentials may be captured in XCC audit log entries when the account username length is 16...
Moderate
Unreviewed
CVE-2024-8059
was published
Sep 13, 2024
IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies....
Moderate
Unreviewed
CVE-2024-43180
was published
Sep 13, 2024
Cleartext transmission of sensitive information in the management console of Ivanti Workspace...
High
Unreviewed
CVE-2024-44105
was published
Sep 10, 2024
Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an...
Moderate
Unreviewed
CVE-2024-41927
was published
Sep 4, 2024
Taipy has a Session Cookie without Secure and HTTPOnly flags
Moderate
CVE-2024-47833
was published
for
taipy
(pip)
Aug 27, 2024
Information Disclosure in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with...
Moderate
Unreviewed
CVE-2024-31799
was published
Aug 15, 2024
Microsoft Security Advisory CVE-2024-38167 | .NET Information Disclosure Vulnerability
Moderate
CVE-2024-38167
was published
for
Microsoft.NetCore.App.Runtime.linux-arm
(NuGet)
Aug 13, 2024
This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of...
High
Unreviewed
CVE-2024-7408
was published
Aug 12, 2024
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly...
Critical
Unreviewed
CVE-2024-38891
was published
Aug 2, 2024
Under certain circumstances exacqVision Web Services will not enforce secure web communications ...
Moderate
Unreviewed
CVE-2024-32864
was published
Aug 1, 2024
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to transmission of password...
High
Unreviewed
CVE-2024-41687
was published
Jul 26, 2024
[PUNCIA] [CWE-319] Cleartext Transmission of Sensitive Information via HTTP urls in `API_URLS`
Low
CVE-2024-41124
was published
for
puncia
(pip)
Jul 19, 2024
Longse NVR (Network Video Recorder) model NVR3608PGE2W, as well as products based on this device,...
Moderate
Unreviewed
CVE-2024-5631
was published
Jul 9, 2024
Secret file credentials stored unencrypted in rare cases by Plain Credentials Plugin
Moderate
CVE-2024-39459
was published
for
org.jenkins-ci.plugins:plain-credentials
(Maven)
Jun 26, 2024
Plain text credentials and session ID can be captured with a network sniffer.
Moderate
Unreviewed
CVE-2024-37183
was published
Jun 21, 2024
The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session....
High
Unreviewed
CVE-2024-5996
was published
Jun 14, 2024
ProTip!
Advisories are also available from the
GraphQL API