Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,757
Maven
5,000+
npm
4,363
NuGet
766
pip
4,128
Pub
12
RubyGems
961
Rust
1,070
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,212 advisories

Loading
Minio Operator uses Kubernetes apiserver audience for AssumeRoleWithWebIdentity STS Moderate
CVE-2025-32963 was published for github.com/minio/operator (Go) Apr 21, 2025
bburky pjuarezd
Credited to bburky and pjuarezd
A credential exposure vulnerability in Electrolink 500W, 1kW, 2kW Medium DAB Transmitter Web v01... High Unreviewed
CVE-2025-28228 was published Apr 21, 2025
Insufficiently Protected Credentials vulnerability in SicommNet BASEC on SaaS allows Password... Critical Unreviewed
CVE-2025-22372 was published Apr 14, 2025
Magento does not properly protect credentials Low
CVE-2025-27192 was published for magento/community-edition (Composer) Apr 8, 2025
Insufficiently protected credentials in Azure Local Cluster allows an authorized attacker to... High Unreviewed
CVE-2025-26628 was published Apr 8, 2025
The exposure of credentials in the call forwarding configuration module in MeetMe products in... High Unreviewed
CVE-2025-2908 was published Mar 28, 2025
In version 0.0.14 of transformeroptimus/superagi, the API endpoint `/api/users/get/{id}` returns... Moderate Unreviewed
CVE-2024-9418 was published Mar 20, 2025
Jenkins Zoho QEngine Plugin Displays Unmasked API Keys Low
CVE-2025-30197 was published for io.jenkins.plugins:zohoqengine (Maven) Mar 19, 2025
An issue in the storage of NFC card data in Dorset DG 201 Digital Lock H5_433WBSK_v2.2_220605... Critical Unreviewed
CVE-2025-25650 was published Mar 17, 2025
Exposure of password in web-based SSH authentication component in Devolutions Server 2024.3.13... High Unreviewed
CVE-2025-2277 was published Mar 13, 2025
IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 UI could disclosure... Moderate Unreviewed
CVE-2024-47109 was published Mar 10, 2025
Pass-Back vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. This vulnerability... High Unreviewed
CVE-2025-1886 was published Mar 7, 2025
Insufficiently Protected Credentials vulnerability in OpenText Identity Manager Advanced Edition... Critical Unreviewed
CVE-2024-12799 was published Mar 5, 2025
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014... Critical Unreviewed
CVE-2025-27650 was published Mar 5, 2025
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.913 Application 20.0.2253... Critical Unreviewed
CVE-2025-27648 was published Mar 5, 2025
IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote... High Unreviewed
CVE-2024-41770 was published Mar 3, 2025
IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote... High Unreviewed
CVE-2024-41771 was published Mar 3, 2025
Cryptographic key extraction from internal flash in Minut M2 with firmware version #15142 allows... Moderate Unreviewed
CVE-2024-44754 was published Feb 28, 2025
Vue Vben Admin 2.10.1 allows unauthorized login to the backend due to an issue with hardcoded... Critical Unreviewed
CVE-2025-25570 was published Feb 28, 2025
A Credential Disclosure vulnerability exists where an administrator could extract the stored SMTP... Low Unreviewed
CVE-2025-0760 was published Feb 26, 2025
Leantime has Insufficiently Protected Credentials Moderate
GHSA-h6w8-27ph-c385 was published for leantime/leantime (Composer) Feb 21, 2025
ANIKETishereok s0calledhacker
Credited to ANIKETishereok and s0calledhacker
The product transmits or stores authentication credentials, but it uses an insecure method that... Moderate Unreviewed
CVE-2024-37362 was published Feb 20, 2025
The standard user uses the run as function to start the MEAC applications with administrative... Critical Unreviewed
CVE-2025-0867 was published Feb 14, 2025
In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose... High Unreviewed
CVE-2025-26492 was published Feb 11, 2025
An information disclosure vulnerability exists in the Vault API functionality of ClearML... High Unreviewed
CVE-2024-43779 was published Feb 6, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database