Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,908
Erlang
39
GitHub Actions
38
Go
2,568
Maven
5,000+
npm
4,240
NuGet
754
pip
4,004
Pub
12
RubyGems
953
Rust
1,042
Swift
45
Unreviewed advisories
All unreviewed
5,000+

647 advisories

Loading
HCL IEM is affected by a password in cleartext vulnerability.  Sensitive information is... Low Unreviewed
CVE-2025-0252 was published Jul 25, 2025
HCL IEM is affected by an authorization token sent in cookie vulnerability.  A token used for... Low Unreviewed
CVE-2025-0250 was published Jul 25, 2025
DuraComm SPM-500 DP-10iN-100-MU transmits sensitive data without encryption over a channel that... High Unreviewed
CVE-2025-53703 was published Jul 23, 2025
IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to obtain... Moderate Unreviewed
CVE-2025-36107 was published Jul 21, 2025
A vulnerability was reported in version 1.0 of the Bluetooth Transmission Alliance protocol... Moderate Unreviewed
CVE-2025-2818 was published Jul 17, 2025
This vulnerability exists in Digisol DG-GR6821AC Router due to cleartext transmission of... High Unreviewed
CVE-2025-53756 was published Jul 16, 2025
A flaw was found in Ansible. Sensitive cookies without security flags over non-encrypted channels... Low Unreviewed
CVE-2025-53861 was published Jul 11, 2025
Ecovacs Deebot T10 1.7.2 transmits Wi-Fi credentials in cleartext during the pairing process. High Unreviewed
CVE-2025-44251 was published Jul 10, 2025
All communication between the VNC server and client(s) is unencrypted. This allows an attacker to... Moderate Unreviewed
CVE-2025-27457 was published Jul 3, 2025
YONO SBI: Banking & Lifestyle v1.23.36 was discovered to use unencrypted communicatons, possibly... High Unreviewed
CVE-2025-45080 was published Jul 1, 2025
Cleartext Transmission of Sensitive Information, Use of Hard-coded Credentials vulnerability in... Critical Unreviewed
CVE-2025-4378 was published Jun 26, 2025
IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses... Moderate Unreviewed
CVE-2025-36034 was published Jun 26, 2025
Kaleris NAVIS N4 ULC (Ultra Light Client) communicates insecurely using zlib-compressed data over... Moderate Unreviewed
CVE-2025-5087 was published Jun 24, 2025
An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to... Critical Unreviewed
CVE-2025-32880 was published Jun 20, 2025
An issue in CloudClassroom PHP Project v.1.0 allows a remote attacker to execute arbitrary code... Critical Unreviewed
CVE-2025-26199 was published Jun 18, 2025
An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs... Low Unreviewed
CVE-2025-4227 was published Jun 13, 2025
The server supports authentication methods in which credentials are sent in plaintext over... High Unreviewed
CVE-2025-49194 was published Jun 12, 2025
All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept... High Unreviewed
CVE-2025-49183 was published Jun 12, 2025
Tinxy WiFi Lock Controller v1 RF was discovered to transmit sensitive information in plaintext,... Moderate Unreviewed
CVE-2025-44612 was published May 30, 2025
In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled. This... High Unreviewed
CVE-2025-5270 was published May 27, 2025
MedDream WEB DICOM Viewer Cleartext Transmission of Credentials Information Disclosure... Moderate Unreviewed
CVE-2025-3480 was published May 22, 2025
Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks PAN-OS® firewalls (PA... Moderate Unreviewed
CVE-2025-0136 was published May 14, 2025
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with... Moderate Unreviewed
CVE-2025-40583 was published May 13, 2025
The Pixmeo Osirix MD Web Portal sends credential information without encryption, which could... Critical Unreviewed
CVE-2025-27720 was published May 9, 2025
Issue in my product in blah version x on y allows bad person to break Critical Unreviewed
CVE-2025-4475 was published May 8, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database