Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

631 advisories

Loading
Tinxy WiFi Lock Controller v1 RF was discovered to transmit sensitive information in plaintext,... Moderate Unreviewed
CVE-2025-44612 was published May 30, 2025
All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept... High Unreviewed
CVE-2025-49183 was published Jun 12, 2025
The server supports authentication methods in which credentials are sent in plaintext over... High Unreviewed
CVE-2025-49194 was published Jun 12, 2025
An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs... Low Unreviewed
CVE-2025-4227 was published Jun 13, 2025
An issue in CloudClassroom PHP Project v.1.0 allows a remote attacker to execute arbitrary code... Critical Unreviewed
CVE-2025-26199 was published Jun 18, 2025
An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to... Critical Unreviewed
CVE-2025-32880 was published Jun 20, 2025
Kaleris NAVIS N4 ULC (Ultra Light Client) communicates insecurely using zlib-compressed data over... Moderate Unreviewed
CVE-2025-5087 was published Jun 24, 2025
IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses... Moderate Unreviewed
CVE-2025-36034 was published Jun 26, 2025
Cleartext Transmission of Sensitive Information, Use of Hard-coded Credentials vulnerability in... Critical Unreviewed
CVE-2025-4378 was published Jun 26, 2025
YONO SBI: Banking & Lifestyle v1.23.36 was discovered to use unencrypted communicatons, possibly... High Unreviewed
CVE-2025-45080 was published Jul 1, 2025
All communication between the VNC server and client(s) is unencrypted. This allows an attacker to... Moderate Unreviewed
CVE-2025-27457 was published Jul 3, 2025
Ecovacs Deebot T10 1.7.2 transmits Wi-Fi credentials in cleartext during the pairing process. High Unreviewed
CVE-2025-44251 was published Jul 10, 2025
A flaw was found in Ansible. Sensitive cookies without security flags over non-encrypted channels... Low Unreviewed
CVE-2025-53861 was published Jul 11, 2025
This vulnerability exists in Digisol DG-GR6821AC Router due to cleartext transmission of... High Unreviewed
CVE-2025-53756 was published Jul 16, 2025
A vulnerability was reported in version 1.0 of the Bluetooth Transmission Alliance protocol... Moderate Unreviewed
CVE-2025-2818 was published Jul 17, 2025
IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to obtain... Moderate Unreviewed
CVE-2025-36107 was published Jul 21, 2025
DuraComm SPM-500 DP-10iN-100-MU transmits sensitive data without encryption over a channel that... High Unreviewed
CVE-2025-53703 was published Jul 23, 2025
HCL IEM is affected by an authorization token sent in cookie vulnerability.  A token used for... Low Unreviewed
CVE-2025-0250 was published Jul 25, 2025
HCL IEM is affected by a password in cleartext vulnerability.  Sensitive information is... Low Unreviewed
CVE-2025-0252 was published Jul 25, 2025
A vulnerability, which was classified as problematic, has been found in Comodo Dragon up to 134.0... Moderate Unreviewed
CVE-2025-8205 was published Jul 26, 2025
An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgcollect_info_options.log and... High Unreviewed
CVE-2025-52490 was published Jul 29, 2025
IBM Guardium Data Protection could allow a remote attacker to obtain sensitive information due to... Moderate Unreviewed
CVE-2025-36020 was published Aug 6, 2025
github.com/go-acme/lego/v4/acme/api does not enforce HTTPS Low
CVE-2025-54799 was published for github.com/go-acme/lego (Go) Aug 6, 2025
songgao chrisnojima
AMarcedone
The MOD3 command traffic between the monitoring application and the inverter is transmitted in... High Unreviewed
CVE-2025-52586 was published Aug 8, 2025
YugabyteDB diagnostic information was transmitted over HTTP, which could expose sensitive data... High Unreviewed
CVE-2025-8863 was published Aug 11, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database