Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

50 advisories

Loading
github.com/go-acme/lego/v4/acme/api does not enforce HTTPS Low
CVE-2025-54799 was published for github.com/go-acme/lego (Go) Aug 6, 2025
songgao chrisnojima
AMarcedone
HCL IEM is affected by a password in cleartext vulnerability.  Sensitive information is... Low Unreviewed
CVE-2025-0252 was published Jul 25, 2025
HCL IEM is affected by an authorization token sent in cookie vulnerability.  A token used for... Low Unreviewed
CVE-2025-0250 was published Jul 25, 2025
A flaw was found in Ansible. Sensitive cookies without security flags over non-encrypted channels... Low Unreviewed
CVE-2025-53861 was published Jul 11, 2025
An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs... Low Unreviewed
CVE-2025-4227 was published Jun 13, 2025
Sametime is impacted by sensitive information passed in URL. Low Unreviewed
CVE-2023-45716 was published Feb 10, 2024
Free5gc v3.2.1 is vulnerable to Information disclosure. Low Unreviewed
CVE-2022-38870 was published Oct 25, 2022
Sensitive information accessible by physical probing of JTAG interface for some Intel(R)... Low Unreviewed
CVE-2022-0005 was published May 13, 2022
IBM InfoSphere Information Server 11.7 DataStage Flow Designer  transmits sensitive information... Low Unreviewed
CVE-2025-25046 was published Apr 24, 2025
A vulnerability classified as problematic has been found in Consumer Comanda Mobile up to 14.9.3... Low Unreviewed
CVE-2025-3329 was published Apr 7, 2025
HCL MyXalytics is affected by a cleartext transmission of sensitive information vulnerability. ... Low Unreviewed
CVE-2024-42181 was published Jan 13, 2025
iXsystems TrueNAS CORE fetch_plugin_packagesites tar Cleartext Transmission of Sensitive... Low Unreviewed
CVE-2024-11946 was published Dec 30, 2024
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote... Low Unreviewed
CVE-2024-49820 was published Dec 17, 2024
Webservice API endpoints for Assisted Service Module within SAP Commerce Cloud has information... Low Unreviewed
CVE-2024-47577 was published Dec 10, 2024
Moodle authorization headers preserved between "emulated redirects" Low
CVE-2024-43432 was published for moodle/moodle (Composer) Nov 11, 2024
A bug in query analysis of certain complex self-referential $lookup subpipelines may result in... Low Unreviewed
CVE-2024-8013 was published Oct 28, 2024
The goTenna pro series does not encrypt the callsigns of its users. These callsigns reveal... Low Unreviewed
CVE-2024-47124 was published Sep 26, 2024
The goTenna Pro ATAK Plugin does not encrypt the callsigns of its users. These callsigns reveal... Low Unreviewed
CVE-2024-45838 was published Sep 26, 2024
[PUNCIA] [CWE-319] Cleartext Transmission of Sensitive Information via HTTP urls in `API_URLS` Low
CVE-2024-41124 was published for puncia (pip) Jul 19, 2024
SCH227 g147
An insecure connection between Systems Manager and CQI Reporter application could expose infusion... Low Unreviewed
CVE-2023-30565 was published Jul 13, 2023
Jenkins Aqua Security Serverless Scanner Plugin showed plain text password in job configuration form fields Low
CVE-2019-10397 was published for org.jenkins-ci.plugins:aqua-serverless (Maven) May 24, 2022
andrewpollock
make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command... Low Unreviewed
CVE-2007-5626 was published May 1, 2022
Jenkins S3 Publisher Plugin transmits credentials in plain text during configuration Low
CVE-2020-2114 was published for org.jenkins-ci.plugins:s3 (Maven) May 24, 2022
NotMyFault
Jenkins Email Extension Plugin SMTP password transmitted and displayed in plain text Low
CVE-2020-2232 was published for org.jenkins-ci.plugins:email-ext (Maven) May 24, 2022
NotMyFault
Credentials transmitted in plain text by Jenkins Logstash Plugin Low
CVE-2020-2143 was published for org.jenkins-ci.plugins:logstash (Maven) May 24, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database