Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,891
Erlang
37
GitHub Actions
38
Go
2,550
Maven
5,000+
npm
4,221
NuGet
745
pip
3,998
Pub
12
RubyGems
953
Rust
1,039
Swift
45
Unreviewed advisories
All unreviewed
5,000+

643 advisories

Loading
Components of the YoSmart YoLink ecosystem through 2025-10-02 leverage unencrypted MQTT to... Moderate Unreviewed
CVE-2025-59448 was published Oct 6, 2025
The Flock Safety Pisco com.flocksafety.android.pisco application 6.21.11 for Android (installed... Moderate Unreviewed
CVE-2025-59406 was published Oct 2, 2025
IBM Aspera HTTP Gateway 2.0.0 through 2.3.1 stores sensitive information in clear text in easily... High Unreviewed
CVE-2025-36274 was published Sep 26, 2025
iMonitor EAM 9.6394 transmits communication between the EAM client agent and the EAM server, as... Moderate Unreviewed
CVE-2025-10540 was published Sep 25, 2025
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1049 and... Critical Unreviewed
CVE-2025-34199 was published Sep 19, 2025
Cognex In-Sight Explorer and In-Sight Camera Firmware expose a proprietary protocol on TCP port... High Unreviewed
CVE-2025-54818 was published Sep 19, 2025
An adjacent attacker without authentication can exploit this vulnerability to retrieve a set of... High Unreviewed
CVE-2025-47698 was published Sep 18, 2025
Cleartext Transmission of Sensitive Information vulnerability in Dolusoft Omaspot allows... Critical Unreviewed
CVE-2025-7743 was published Sep 16, 2025
An issue was discovered in the method push.lite.avtech.com.AvtechLib.GetHttpsResponse in AVTECH... High Unreviewed
CVE-2025-50110 was published Sep 15, 2025
Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An... High Unreviewed
CVE-2025-41708 was published Sep 8, 2025
HCL BigFix SM is affected by a Sensitive Information Exposure vulnerability where internal... Moderate Unreviewed
CVE-2025-31972 was published Aug 28, 2025
Aikaan IoT management platform v3.25.0325-5-g2e9c59796 sends a newly generated password to users... High Unreviewed
CVE-2025-52351 was published Aug 21, 2025
The StrongDM Client insufficiently protected a pre-authentication token. Attackers could exploit... High Unreviewed
CVE-2025-6180 was published Aug 20, 2025
In JetBrains IntelliJ IDEA before 2025.2 credentials disclosure was possible via remote reference Moderate Unreviewed
CVE-2025-57727 was published Aug 20, 2025
The Sante PACS Server Web Portal sends credential information without encryption. Critical Unreviewed
CVE-2025-54156 was published Aug 19, 2025
YugabyteDB diagnostic information was transmitted over HTTP, which could expose sensitive data... High Unreviewed
CVE-2025-8863 was published Aug 11, 2025
The MOD3 command traffic between the monitoring application and the inverter is transmitted in... High Unreviewed
CVE-2025-52586 was published Aug 8, 2025
github.com/go-acme/lego/v4/acme/api does not enforce HTTPS Low
CVE-2025-54799 was published for github.com/go-acme/lego (Go) Aug 6, 2025
songgao chrisnojima
AMarcedone
Credited to songgao, chrisnojima, and AMarcedone
IBM Guardium Data Protection could allow a remote attacker to obtain sensitive information due to... Moderate Unreviewed
CVE-2025-36020 was published Aug 6, 2025
An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgcollect_info_options.log and... High Unreviewed
CVE-2025-52490 was published Jul 29, 2025
A vulnerability, which was classified as problematic, has been found in Comodo Dragon up to 134.0... Moderate Unreviewed
CVE-2025-8205 was published Jul 26, 2025
HCL IEM is affected by a password in cleartext vulnerability.  Sensitive information is... Low Unreviewed
CVE-2025-0252 was published Jul 25, 2025
HCL IEM is affected by an authorization token sent in cookie vulnerability.  A token used for... Low Unreviewed
CVE-2025-0250 was published Jul 25, 2025
DuraComm SPM-500 DP-10iN-100-MU transmits sensitive data without encryption over a channel that... High Unreviewed
CVE-2025-53703 was published Jul 23, 2025
IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to obtain... Moderate Unreviewed
CVE-2025-36107 was published Jul 21, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database