Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,752
Maven
5,000+
npm
4,357
NuGet
765
pip
4,121
Pub
12
RubyGems
961
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,212 advisories

Loading
**UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy... Critical Unreviewed
CVE-2025-0890 was published Feb 4, 2025
IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an authenticated user with LLM... Moderate Unreviewed
CVE-2025-14148 was published Dec 15, 2025
Insufficiently Protected Credentials vulnerability in Apache Fineract. This issue affects Apache... Critical Unreviewed
CVE-2025-58130 was published Dec 12, 2025
QiHang Media Web Digital Signage 3.0.9 contains a cleartext credentials vulnerability that allows... High Unreviewed
CVE-2020-36896 was published Dec 10, 2025
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Insufficiently... Moderate Unreviewed
CVE-2025-64898 was published Dec 10, 2025
Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2... Moderate Unreviewed
CVE-2025-63361 was published Dec 4, 2025
Exposure of credentials in unintended requests in Devolutions Server.This issue affects Server:... Low Unreviewed
CVE-2025-13758 was published Nov 27, 2025
EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability,... Moderate Unreviewed
CVE-2025-13163 was published Nov 17, 2025
EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability,... Moderate Unreviewed
CVE-2025-13164 was published Nov 17, 2025
IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 stores NIM private keys used in NIM environments... Critical Unreviewed
CVE-2025-36096 was published Nov 14, 2025
A vulnerability exists in Sitecore Experience Manager (XM), Experience Platform (XP), Experience... High Unreviewed
CVE-2025-34139 was published Jul 25, 2025
A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6),... Moderate Unreviewed
CVE-2022-30231 was published Jun 15, 2022
The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a... Critical Unreviewed
CVE-2018-11544 was published May 13, 2022
A 3rd-party component exposed its password in process arguments, allowing for low-privileged... Moderate Unreviewed
CVE-2025-6571 was published Nov 11, 2025
Due to information disclosure vulnerability in anonymous API provided by SAP Business One (SLD),... Moderate Unreviewed
CVE-2025-42897 was published Nov 11, 2025
In JetBrains YouTrack before 2025.3.104432 misconfiguration in the Junie could lead to exposure... Critical Unreviewed
CVE-2025-64689 was published Nov 10, 2025
The Ubia camera ecosystem fails to adequately secure API credentials, potentially enabling an... High Unreviewed
CVE-2025-12636 was published Nov 7, 2025
Argo Workflow may expose artifact repository credentials High
CVE-2025-62157 was published for github.com/argoproj/argo-workflows/v3 (Go) Oct 14, 2025
r0binak
Credited to r0binak
Jenkins Applitools Eyes Plugin vulnerability does not mask API keys on its job configuration form Moderate
CVE-2025-53743 was published for org.jenkins-ci.plugins:applitools-eyes (Maven) Jul 9, 2025
Jenkins IFTTT Build Notifier Plugin vulnerability exposes IFTTT Maker Channel Keys Moderate
CVE-2025-53662 was published for org.jenkins-ci.plugins:ifttt-build-notifier (Maven) Jul 9, 2025
Jenkins IBM Cloud DevOps Plugin vulnerability exposes SonarQube authentication tokens Moderate
CVE-2025-53663 was published for com.ibm.devops:ibm-cloud-devops (Maven) Jul 9, 2025
Jenkins Dead Man's Snitch Plugin vulnerability does not mask tokens Moderate
CVE-2025-53667 was published for org.jenkins-ci.plugins:deadmanssnitch (Maven) Jul 9, 2025
Jenkins ReadyAPI Functional Testing Plugin vulnerability exposes secrets Moderate
CVE-2025-53657 was published for org.jenkins-ci.plugins:soapui-pro-functional-testing (Maven) Jul 9, 2025
Jenkins Apica Loadtest Plugin vulnerability exposes authentication tokens Moderate
CVE-2025-53664 was published for com.apica:ApicaLoadtest (Maven) Jul 9, 2025
Jenkins Dead Man's Snitch Plugin vulnerability stores tokens in plain text Moderate
CVE-2025-53666 was published for org.jenkins-ci.plugins:deadmanssnitch (Maven) Jul 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database