Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,680
Maven
5,000+
npm
4,308
NuGet
760
pip
4,081
Pub
12
RubyGems
958
Rust
1,061
Swift
45
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

285 advisories

Loading
Components of the YoSmart YoLink ecosystem through 2025-10-02 leverage unencrypted MQTT to... Moderate Unreviewed
CVE-2025-59448 was published Oct 6, 2025
NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, authenticate, or verify the... Moderate Unreviewed
CVE-2020-10124 was published May 24, 2022
iMonitor EAM 9.6394 transmits communication between the EAM client agent and the EAM server, as... Moderate Unreviewed
CVE-2025-10540 was published Sep 25, 2025
SaTECH BCU in its firmware version 2.1.3 uses the HTTP protocol. The use of the HTTP protocol for... Moderate Unreviewed
CVE-2025-2861 was published Mar 28, 2025
The Flock Safety Pisco com.flocksafety.android.pisco application 6.21.11 for Android (installed... Moderate Unreviewed
CVE-2025-59406 was published Oct 2, 2025
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to... Moderate Unreviewed
CVE-2024-39746 was published Aug 22, 2024
IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to obtain sensitive... Moderate Unreviewed
CVE-2024-41757 was published Jan 24, 2025
IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to obtain sensitive... Moderate Unreviewed
CVE-2024-31905 was published Aug 15, 2024
HCL BigFix SM is affected by a Sensitive Information Exposure vulnerability where internal... Moderate Unreviewed
CVE-2025-31972 was published Aug 28, 2025
Windows Defender Credential Guard Information Disclosure Vulnerability. This CVE ID is unique... Moderate Unreviewed
CVE-2022-34704 was published Aug 10, 2022
Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks... Moderate Unreviewed
CVE-2024-6388 was published Jun 27, 2024
In JetBrains IntelliJ IDEA before 2025.2 credentials disclosure was possible via remote reference Moderate Unreviewed
CVE-2025-57727 was published Aug 20, 2025
MedDream WEB DICOM Viewer Cleartext Transmission of Credentials Information Disclosure... Moderate Unreviewed
CVE-2025-3480 was published May 22, 2025
IBM Guardium Data Protection could allow a remote attacker to obtain sensitive information due to... Moderate Unreviewed
CVE-2025-36020 was published Aug 6, 2025
A vulnerability, which was classified as problematic, has been found in Comodo Dragon up to 134.0... Moderate Unreviewed
CVE-2025-8205 was published Jul 26, 2025
Plain text credentials and session ID can be captured with a network sniffer. Moderate Unreviewed
CVE-2024-37183 was published Jun 21, 2024
IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to obtain... Moderate Unreviewed
CVE-2025-36107 was published Jul 21, 2025
A vulnerability was reported in version 1.0 of the Bluetooth Transmission Alliance protocol... Moderate Unreviewed
CVE-2025-2818 was published Jul 17, 2025
All communication between the VNC server and client(s) is unencrypted. This allows an attacker to... Moderate Unreviewed
CVE-2025-27457 was published Jul 3, 2025
Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an... Moderate Unreviewed
CVE-2024-41927 was published Sep 4, 2024
In phpipam/phpipam version 1.5.1, the Secure attribute for sensitive cookies in HTTPS sessions is... Moderate Unreviewed
CVE-2024-10718 was published Mar 20, 2025
IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses... Moderate Unreviewed
CVE-2025-36034 was published Jun 26, 2025
Kaleris NAVIS N4 ULC (Ultra Light Client) communicates insecurely using zlib-compressed data over... Moderate Unreviewed
CVE-2025-5087 was published Jun 24, 2025
The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth Glucose Monitoring System,... Moderate Unreviewed
CVE-2023-46447 was published Jan 20, 2024
The Trend Controls IC protocol through 2022-05-06 allows Cleartext Transmission of Sensitive... Moderate Unreviewed
CVE-2022-30312 was published Sep 8, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database