GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,205 advisories
EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability,...
Moderate | Unreviewed | CVE-2025-13164 was published Nov 17, 2025

EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability,...
Moderate | Unreviewed | CVE-2025-13163 was published Nov 17, 2025

IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 stores NIM private keys used in NIM environments...
Critical | Unreviewed | CVE-2025-36096 was published Nov 14, 2025

A 3rd-party component exposed its password in process arguments, allowing for low-privileged...
Moderate | Unreviewed | CVE-2025-6571 was published Nov 11, 2025

Due to information disclosure vulnerability in anonymous API provided by SAP Business One (SLD),...
Moderate | Unreviewed | CVE-2025-42897 was published Nov 11, 2025

In JetBrains YouTrack before 2025.3.104432 misconfiguration in the Junie could lead to exposure...
Critical | Unreviewed | CVE-2025-64689 was published Nov 10, 2025

The Ubia camera ecosystem fails to adequately secure API credentials, potentially enabling an...
High | Unreviewed | CVE-2025-12636 was published Nov 7, 2025

Radiometrics VizAir is vulnerable to exposure of the system's REST API key through a publicly...
Critical | Unreviewed | CVE-2025-54863 was published Nov 4, 2025

This vulnerability allows an attacker to access parts of the application that are not protected...
Moderate | Unreviewed | CVE-2025-12461 was published Oct 29, 2025

Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 stores authentication...
High | Unreviewed | CVE-2025-54808 was published Oct 23, 2025

HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a credential leakage which could...
Moderate | Unreviewed | CVE-2024-42192 was published Oct 16, 2025

Argo Workflow may expose artifact repository credentials
High | CVE-2025-62157 was published for github.com/argoproj/argo-workflows/v3 (Go) Oct 14, 2025

E3 Site Supervisor (firmware version < 2.31F01) has a default admin user "ONEDAY" with a daily...
Critical | Unreviewed | CVE-2025-6519 was published Oct 10, 2025

Insufficiently Protected Credentials in the Crowdstrike connector can lead to Crowdstrike...
Moderate | Unreviewed | CVE-2025-37728 was published Oct 7, 2025

The LDAP 'Bind password' value cannot be read after saving, but a Super Admin account can leak it...
Moderate | Unreviewed | CVE-2025-27231 was published Oct 3, 2025

E3 Site Supervisor Control (firmware version < 2.31F01) RCI service contains an API call to read...
High | Unreviewed | CVE-2025-52545 was published Oct 1, 2025

E3 Site Supervisor Control (firmware version < 2.31F01) generates the root linux password on each...
Critical | Unreviewed | CVE-2025-52549 was published Oct 1, 2025

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and...
Critical | Unreviewed | CVE-2025-34196 was published Sep 29, 2025

All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials...
High | Unreviewed | CVE-2025-10880 was published Sep 25, 2025

All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials...
High | Unreviewed | CVE-2025-10879 was published Sep 25, 2025

Ericsson Indoor Connect 8855 contains a vulnerability where server-side security can be bypassed...
Low | Unreviewed | CVE-2025-40838 was published Sep 25, 2025

In Puppet Enterprise versions 2025.4.0 and 2025.5, the encryption key used for encrypting content...
Moderate | Unreviewed | CVE-2025-10360 was published Sep 24, 2025

The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to gain access to a...
High | Unreviewed | CVE-2025-23342 was published Sep 9, 2025

When a user logs in via SAP Business One native client, the SLD backend service fails to enforce...
High | Unreviewed | CVE-2025-42933 was published Sep 9, 2025

An authenticated, low-privileged attacker can obtain credentials stored on the charge controller...
High | Unreviewed | CVE-2025-41682 was published Sep 8, 2025
ProTip! Advisories are also available from the GraphQL API