GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,270
Erlang
31
GitHub Actions
21
Go
2,046
Maven
5,000+
npm
3,737
NuGet
663
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
462 advisories
Filter by severity
IBM Cognos Analytics Mobile for Android 1.1.14 uses weaker than expected cryptographic algorithms...
Moderate
Unreviewed
CVE-2021-39081
was published
Dec 19, 2024
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote...
Low
Unreviewed
CVE-2024-49820
was published
Dec 17, 2024
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote...
Moderate
Unreviewed
CVE-2024-49819
was published
Dec 17, 2024
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions...
Moderate
Unreviewed
CVE-2024-53246
was published
Dec 10, 2024
Webservice API endpoints for Assisted Service Module within SAP Commerce Cloud has information...
Low
Unreviewed
CVE-2024-47577
was published
Dec 10, 2024
Web browser interface may manipulate application username/password in clear text or Base64...
High
Unreviewed
CVE-2024-6515
was published
Dec 5, 2024
IBM Cognos Controller 11.0.0 and 11.0.1 could allow a remote attacker to obtain sensitive...
Moderate
Unreviewed
CVE-2021-29892
was published
Dec 3, 2024
Improper data protection on the ventilator's serial interface could allow an attacker to send and...
Critical
Unreviewed
CVE-2024-9834
was published
Nov 14, 2024
Cleartext transmission of sensitive information for some BigDL software maintained by Intel(R)...
Moderate
Unreviewed
CVE-2024-28169
was published
Nov 13, 2024
A vulnerability in a weak JWT token in Watcharr v1.43.0 and below allows attackers to perform...
High
Unreviewed
CVE-2024-50634
was published
Nov 8, 2024
A vulnerability in the LevelOne WBR-6012 router's firmware version R0.40e6 allows sensitive...
Moderate
Unreviewed
CVE-2024-32946
was published
Oct 30, 2024
A bug in query analysis of certain complex self-referential $lookup subpipelines may result in...
Low
Unreviewed
CVE-2024-8013
was published
Oct 28, 2024
ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of...
Moderate
Unreviewed
CVE-2024-50624
was published
Oct 28, 2024
An authentication-bypass issue in the RDP component of One Identity Safeguard for Privileged...
Moderate
Unreviewed
CVE-2024-40595
was published
Oct 24, 2024
Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Information Disclosure. An information leak...
Moderate
Unreviewed
CVE-2024-40090
was published
Oct 21, 2024
Cleartext transmission of sensitive information in acep-collector service. The following products...
Moderate
Unreviewed
CVE-2024-49387
was published
Oct 15, 2024
An issue in YESCAM (com.yescom.YesCam.zwave) 1.0.2 allows a remote attacker to obtain sensitive...
High
Unreviewed
CVE-2024-48788
was published
Oct 11, 2024
A flaw was found in Event-Driven Automation (EDA) in Ansible Automation Platform (AAP), which...
Moderate
Unreviewed
CVE-2024-9620
was published
Oct 8, 2024
** UNSUPPORTED WHEN ASSIGNED ** This vulnerability exists in D3D Security IP Camera due to usage...
High
Unreviewed
CVE-2024-47789
was published
Oct 4, 2024
An Information Disclosure vulnerability in the Telemetry component in TP-Link Kasa KP125M V1.0.0...
Moderate
Unreviewed
CVE-2024-35495
was published
Sep 30, 2024
The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 discloses...
High
Unreviewed
CVE-2024-7713
was published
Sep 27, 2024
The goTenna pro series does not encrypt the callsigns of its users. These callsigns reveal...
Low
Unreviewed
CVE-2024-47124
was published
Sep 26, 2024
The goTenna Pro ATAK Plugin does not encrypt the callsigns of its users.
These callsigns reveal...
Low
Unreviewed
CVE-2024-45838
was published
Sep 26, 2024
IPMI credentials may be captured in XCC audit log entries when the account username length is 16...
Moderate
Unreviewed
CVE-2024-8059
was published
Sep 13, 2024
A privilege escalation vulnerability was discovered when Single Sign On (SSO) is enabled that...
Moderate
Unreviewed
CVE-2024-45101
was published
Sep 13, 2024
ProTip!
Advisories are also available from the
GraphQL API