Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

631 advisories

Loading
An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to... Critical Unreviewed
CVE-2025-32880 was published Jun 20, 2025
All communication between the VNC server and client(s) is unencrypted. This allows an attacker to... Moderate Unreviewed
CVE-2025-27457 was published Jul 3, 2025
Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an... Moderate Unreviewed
CVE-2024-41927 was published Sep 4, 2024
YONO SBI: Banking & Lifestyle v1.23.36 was discovered to use unencrypted communicatons, possibly... High Unreviewed
CVE-2025-45080 was published Jul 1, 2025
An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs... Low Unreviewed
CVE-2025-4227 was published Jun 13, 2025
In phpipam/phpipam version 1.5.1, the Secure attribute for sensitive cookies in HTTPS sessions is... Moderate Unreviewed
CVE-2024-10718 was published Mar 20, 2025
Cleartext Transmission of Sensitive Information, Use of Hard-coded Credentials vulnerability in... Critical Unreviewed
CVE-2025-4378 was published Jun 26, 2025
IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses... Moderate Unreviewed
CVE-2025-36034 was published Jun 26, 2025
Kaleris NAVIS N4 ULC (Ultra Light Client) communicates insecurely using zlib-compressed data over... Moderate Unreviewed
CVE-2025-5087 was published Jun 24, 2025
An issue in CloudClassroom PHP Project v.1.0 allows a remote attacker to execute arbitrary code... Critical Unreviewed
CVE-2025-26199 was published Jun 18, 2025
The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth Glucose Monitoring System,... Moderate Unreviewed
CVE-2023-46447 was published Jan 20, 2024
The Trend Controls IC protocol through 2022-05-06 allows Cleartext Transmission of Sensitive... Moderate Unreviewed
CVE-2022-30312 was published Sep 8, 2022
All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept... High Unreviewed
CVE-2025-49183 was published Jun 12, 2025
The server supports authentication methods in which credentials are sent in plaintext over... High Unreviewed
CVE-2025-49194 was published Jun 12, 2025
In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled. This... High Unreviewed
CVE-2025-5270 was published May 27, 2025
Sametime is impacted by sensitive information passed in URL. Low Unreviewed
CVE-2023-45716 was published Feb 10, 2024
ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of... Moderate Unreviewed
CVE-2024-50624 was published Oct 28, 2024
Tinxy WiFi Lock Controller v1 RF was discovered to transmit sensitive information in plaintext,... Moderate Unreviewed
CVE-2025-44612 was published May 30, 2025
An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 for iOS. If it is installed... Moderate Unreviewed
CVE-2021-42111 was published May 24, 2022
This issue was addressed by using HTTPS when sending information over the network. This issue is... Moderate Unreviewed
CVE-2022-32857 was published Aug 25, 2022
Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723... Moderate Unreviewed
CVE-2018-10634 was published May 13, 2022
Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks PAN-OS® firewalls (PA... Moderate Unreviewed
CVE-2025-0136 was published May 14, 2025
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with... Moderate Unreviewed
CVE-2025-40583 was published May 13, 2025
The Pixmeo Osirix MD Web Portal sends credential information without encryption, which could... Critical Unreviewed
CVE-2025-27720 was published May 9, 2025
On affected platforms running Arista EOS with secure Vxlan configured, restarting the Tunnelsec... Critical Unreviewed
CVE-2024-12378 was published May 8, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database