Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,676
Erlang
34
GitHub Actions
26
Go
2,263
Maven
5,000+
npm
3,915
NuGet
705
pip
3,686
Pub
12
RubyGems
916
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

464 advisories

Loading
Milestone Systems has discovered a security vulnerability in Milestone XProtect installer that... Moderate Unreviewed
CVE-2025-1688 was published Apr 15, 2025
Jenkins AsakusaSatellite Plugin Does not Mask API Keys via Job Configuration Form Moderate
CVE-2025-31728 was published for org.codefirst.jenkins.asakusasatellite:asakusa-satellite-plugin (Maven) Apr 2, 2025
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2... Moderate Unreviewed
CVE-2023-37405 was published Mar 27, 2025
OpenDaylight SFC Insecure Shiro Cookie Configuration High
CVE-2025-29314 was published for org.opendaylight.sfc:odl-sfc-openflow-renderer (Maven) Mar 24, 2025
A local user may find a configuration file on the client workstation with unencrypted sensitive... High Unreviewed
CVE-2024-23942 was published Mar 18, 2025
Unencrypted transmission in Temporal api-go library Low
CVE-2025-1243 was published for go.temporal.io/api (Go) Feb 12, 2025
IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI could allow a remote... Moderate Unreviewed
CVE-2024-38325 was published Jan 27, 2025
IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to obtain sensitive... Moderate Unreviewed
CVE-2024-41757 was published Jan 24, 2025
On Arista CloudVision Appliance (CVA) affected releases running on appliances that support... Moderate Unreviewed
CVE-2024-7142 was published Jan 11, 2025
Wapro ERP Desktop is vulnerable to MS SQL protocol downgrade request from a server side, what... Critical Unreviewed
CVE-2024-4995 was published Dec 18, 2024
Snowflake JDBC Security Advisory Moderate
CVE-2024-43382 was published for net.snowflake:snowflake-jdbc (Maven) Oct 30, 2024
Gradio uses insecure communication between the FRP client and server High
CVE-2024-47871 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE)... Moderate Unreviewed
CVE-2024-20515 was published Oct 2, 2024
Missing encryption of sensitive data vulnerability in settings functionality in Synology Active... Moderate Unreviewed
CVE-2023-52948 was published Sep 26, 2024
Missing encryption of sensitive data vulnerability in login component in Synology Active Backup... Moderate Unreviewed
CVE-2023-52950 was published Sep 26, 2024
Credentials to access device configuration were transmitted using an unencrypted protocol. These... High Unreviewed
CVE-2024-42495 was published Sep 6, 2024
A vulnerability in Cisco Duo Epic for Hyperdrive could allow an authenticated, local attacker to... Moderate Unreviewed
CVE-2024-20503 was published Sep 4, 2024
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to... Moderate Unreviewed
CVE-2024-39746 was published Aug 22, 2024
An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain... High Unreviewed
CVE-2024-42657 was published Aug 19, 2024
IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to obtain sensitive... Moderate Unreviewed
CVE-2024-31905 was published Aug 15, 2024
CVE-2024-40620 IMPACT A vulnerability exists in the affected product due to lack of encryption... Moderate Unreviewed
CVE-2024-40620 was published Aug 14, 2024
Missing encryption of sensitive data in Korenix JetPort 5601v3 allows Eavesdropping.This issue... High Unreviewed
CVE-2024-7396 was published Aug 5, 2024
Elasticsearch stores private key on disk unencrypted Moderate
CVE-2024-23444 was published for org.elasticsearch:elasticsearch (Maven) Jul 31, 2024
[PUNCIA] [CWE-319] Cleartext Transmission of Sensitive Information via HTTP urls in `API_URLS` Low
CVE-2024-41124 was published for puncia (pip) Jul 19, 2024
SCH227 g147
Dell Data Lakehouse, version(s) 1.0.0.0, contain(s) a Missing Encryption of Sensitive Data... Moderate Unreviewed
CVE-2024-38302 was published Jul 18, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database