Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,873
Erlang
37
GitHub Actions
36
Go
2,519
Maven
5,000+
npm
4,156
NuGet
736
pip
3,956
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

636 advisories

Loading
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1049 and... Critical Unreviewed
CVE-2025-34199 was published Sep 19, 2025
Cognex In-Sight Explorer and In-Sight Camera Firmware expose a proprietary protocol on TCP port... High Unreviewed
CVE-2025-54818 was published Sep 19, 2025
An adjacent attacker without authentication can exploit this vulnerability to retrieve a set of... High Unreviewed
CVE-2025-47698 was published Sep 18, 2025
Cleartext Transmission of Sensitive Information vulnerability in Dolusoft Omaspot allows... Critical Unreviewed
CVE-2025-7743 was published Sep 16, 2025
An issue was discovered in the method push.lite.avtech.com.AvtechLib.GetHttpsResponse in AVTECH... High Unreviewed
CVE-2025-50110 was published Sep 15, 2025
Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An... High Unreviewed
CVE-2025-41708 was published Sep 8, 2025
HCL BigFix SM is affected by a Sensitive Information Exposure vulnerability where internal... Moderate Unreviewed
CVE-2025-31972 was published Aug 28, 2025
Aikaan IoT management platform v3.25.0325-5-g2e9c59796 sends a newly generated password to users... High Unreviewed
CVE-2025-52351 was published Aug 21, 2025
The StrongDM Client insufficiently protected a pre-authentication token. Attackers could exploit... High Unreviewed
CVE-2025-6180 was published Aug 20, 2025
In JetBrains IntelliJ IDEA before 2025.2 credentials disclosure was possible via remote reference Moderate Unreviewed
CVE-2025-57727 was published Aug 20, 2025
The Sante PACS Server Web Portal sends credential information without encryption. Critical Unreviewed
CVE-2025-54156 was published Aug 19, 2025
YugabyteDB diagnostic information was transmitted over HTTP, which could expose sensitive data... High Unreviewed
CVE-2025-8863 was published Aug 11, 2025
The MOD3 command traffic between the monitoring application and the inverter is transmitted in... High Unreviewed
CVE-2025-52586 was published Aug 8, 2025
github.com/go-acme/lego/v4/acme/api does not enforce HTTPS Low
CVE-2025-54799 was published for github.com/go-acme/lego (Go) Aug 6, 2025
songgao chrisnojima
AMarcedone
IBM Guardium Data Protection could allow a remote attacker to obtain sensitive information due to... Moderate Unreviewed
CVE-2025-36020 was published Aug 6, 2025
An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgcollect_info_options.log and... High Unreviewed
CVE-2025-52490 was published Jul 29, 2025
A vulnerability, which was classified as problematic, has been found in Comodo Dragon up to 134.0... Moderate Unreviewed
CVE-2025-8205 was published Jul 26, 2025
HCL IEM is affected by a password in cleartext vulnerability.  Sensitive information is... Low Unreviewed
CVE-2025-0252 was published Jul 25, 2025
HCL IEM is affected by an authorization token sent in cookie vulnerability.  A token used for... Low Unreviewed
CVE-2025-0250 was published Jul 25, 2025
DuraComm SPM-500 DP-10iN-100-MU transmits sensitive data without encryption over a channel that... High Unreviewed
CVE-2025-53703 was published Jul 23, 2025
IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to obtain... Moderate Unreviewed
CVE-2025-36107 was published Jul 21, 2025
A vulnerability was reported in version 1.0 of the Bluetooth Transmission Alliance protocol... Moderate Unreviewed
CVE-2025-2818 was published Jul 17, 2025
This vulnerability exists in Digisol DG-GR6821AC Router due to cleartext transmission of... High Unreviewed
CVE-2025-53756 was published Jul 16, 2025
A flaw was found in Ansible. Sensitive cookies without security flags over non-encrypted channels... Low Unreviewed
CVE-2025-53861 was published Jul 11, 2025
Ecovacs Deebot T10 1.7.2 transmits Wi-Fi credentials in cleartext during the pairing process. High Unreviewed
CVE-2025-44251 was published Jul 10, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database