Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
40
Go
2,974
Maven
5,000+
npm
4,621
NuGet
788
pip
4,317
Pub
12
RubyGems
984
Rust
1,131
Swift
49
Unreviewed advisories
All unreviewed
5,000+

1,243 advisories

Loading
NeuVector scanner insecurely handles passwords as command arguments Low
CVE-2025-67860 was published for github.com/neuvector/scanner (Go) Feb 12, 2026
Moxa Arm-based industrial computers running Moxa Industrial Linux Secure use a device-unique... High Unreviewed
CVE-2026-0715 was published Feb 5, 2026
YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the... Low Unreviewed
CVE-2026-1966 was published Feb 5, 2026
EVE Seals Vault Key With SHA1 PCRs Moderate
CVE-2023-43635 was published for github.com/lf-edge/eve (Go) Feb 4, 2026
EVE Doesn't Protect Config Partition with Measured Boot Moderate
CVE-2023-43634 was published for github.com/lf-edge/eve (Go) Feb 4, 2026
EVE's Debug Functions Unlockable Without Triggering Measured Boot Moderate
CVE-2023-43633 was published for github.com/lf-edge/eve (Go) Feb 4, 2026
EVE: SSH as Root Unlockable Without Triggering Measured Boot Moderate
CVE-2023-43631 was published for github.com/lf-edge/eve (Go) Feb 4, 2026
EVE Doesn't Measure Config Partition From 2 Fronts Moderate
CVE-2023-43630 was published for github.com/lf-edge/eve (Go) Feb 4, 2026
Edimax EW-7438RPn 1.13 contains an information disclosure vulnerability that exposes WiFi network... High Unreviewed
CVE-2020-37097 was published Feb 4, 2026
HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field... Low Unreviewed
CVE-2025-52623 was published Feb 3, 2026
malcontent OCI image pull credential exfiltration via malicious registry token realm Moderate
CVE-2026-24845 was published for github.com/chainguard-dev/malcontent (Go) Jan 29, 2026
1seal egibs
antitree stevebeattie eslerm
Credited to 1seal, egibs, antitree, stevebeattie, and eslerm
M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to... High Unreviewed
CVE-2020-36968 was published Jan 28, 2026
Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a... Low Unreviewed
CVE-2025-9521 was published Jan 26, 2026
Claude Code Leaks Data via Malicious Environment Configuration Before Trust Confirmation Moderate
CVE-2026-21852 was published for @anthropic-ai/claude-code (npm) Jan 21, 2026
Insufficiently Protected Credentials, Improper Restriction of Communication Channel to Intended... High Unreviewed
CVE-2025-58742 was published Jan 21, 2026
Insufficiently Protected Credentials vulnerability in the Credential Field of Milner... High Unreviewed
CVE-2025-58741 was published Jan 21, 2026
PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Insufficiently Protected... Moderate Unreviewed
CVE-2026-1223 was published Jan 20, 2026
Skipper is vulnerable to arbitrary code execution through lua filters High
CVE-2026-23742 was published for github.com/zalando/skipper (Go) Jan 16, 2026
moyushui b0b0haha
Credited to moyushui and b0b0haha
MTPutty 1.0.1.21 contains a sensitive information disclosure vulnerability that allows local... Moderate Unreviewed
CVE-2021-47759 was published Jan 15, 2026
Firmware update files may expose password hashes for system accounts, which could allow a remote... Moderate Unreviewed
CVE-2026-22911 was published Jan 15, 2026
Insufficiently protected credentials in some Intel(R) Server Product OpenBMC firmware before... Moderate Unreviewed
CVE-2023-32280 was published Jan 14, 2026
The vulnerability exists in BLUVOYIX due to an improper password storage implementation and... Critical Unreviewed
CVE-2026-22240 was published Jan 14, 2026
Insufficiently Protected Credentials vulnerability in Broadcom DX NetOps Spectrum on Windows,... Low Unreviewed
CVE-2025-69271 was published Jan 12, 2026
In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be... Moderate Unreviewed
CVE-2025-62327 was published Jan 7, 2026
Insufficiently Protected Credentials vulnerability in Nuvation Energy Multi-Stack Controller (MSC... High Unreviewed
CVE-2025-64122 was published Jan 3, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database