GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
18 advisories
The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability. Remote...
High | Unreviewed | CVE-2024-9970 was published on Oct 15, 2024
The device allows an unauthenticated attacker to bypass authentication and modify the cookie to...
High | Unreviewed | CVE-2024-21872 was published on Apr 19, 2024
The application suffers from a privilege escalation vulnerability. An attacker logged in as...
High | Unreviewed | CVE-2024-22186 was published on Apr 19, 2024
Cross site scripting (XSS) in JupyterHub via Self-XSS leveraged by Cookie Tossing
High | CVE-2024-28233 was published for jupyterhub (pip) on Mar 28, 2024
The website configured in the URL widget will receive a session cookie when testing or executing...
High | Unreviewed | CVE-2023-32725 was published on Dec 22, 2023
Client-side enforcement of server-side security issue exists in WL-WN531AX2 firmware versions...
High | Unreviewed | CVE-2023-32612 was published on Jun 30, 2023
IBM Security Verify Information Queue 10.0.2 could disclose sensitive information due to a...
High | Unreviewed | CVE-2022-35284 was published on Jul 26, 2022
A vulnerability, which was classified as critical, was found in MONyog Ultimate 6.63. This...
High | Unreviewed | CVE-2016-15002 was published on Jun 10, 2022
Cross-domain cookie leakage in Guzzle
High | CVE-2022-29248 was published for guzzlehttp/guzzle (Composer) on May 25, 2022
Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware...
High | Unreviewed | CVE-2021-33842 was published on May 24, 2022
Centreon Does Not Set HTTPOnly Flag
High | CVE-2019-17104 was published for centreon/centreon (Composer) on May 24, 2022
V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to bypass authentication and gain...
High | Unreviewed | CVE-2008-5784 was published on May 17, 2022
Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wireless router enables an...
High | Unreviewed | CVE-2017-6896 was published on May 13, 2022
An issue was discovered in LAOBANCMS 2.0. /admin/login.php allows spoofing of the id and...
High | Unreviewed | CVE-2018-19224 was published on May 13, 2022
An issue in upload.csp of FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows attackers to write...
High | Unreviewed | CVE-2022-28113 was published on Apr 16, 2022
WAGO 750-8212 PFC200 G2 2ETH RS Firmware version 03.05.10(17) is affected by a privilege...
High | Unreviewed | CVE-2021-46388 was published on Feb 17, 2022
Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability....
High | Unreviewed | CVE-2021-36338 was published on Jan 22, 2022
Cookie Prefix Spoofing in CGI::Cookie.parse
High | CVE-2021-41819 was published for cgi (RubyGems) on Jan 21, 2022