Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

518 advisories

Loading
NeuVector process with sensitive arguments lead to leakage Moderate
CVE-2025-54467 was published for github.com/neuvector/neuvector (Go) Aug 28, 2025
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.3).... Moderate Unreviewed
CVE-2025-40751 was published Aug 12, 2025
Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 has... Moderate Unreviewed
CVE-2025-54394 was published Aug 7, 2025
Access to TSplus Remote Access Admin Tool is restricted to administrators (unless "Disable UAC"... Moderate Unreviewed
CVE-2025-5922 was published Jul 29, 2025
Opencast still publishes global system account credentials Moderate
CVE-2025-54380 was published for org.opencastproject:opencast-common (Maven) Jul 25, 2025
lkiesow
A vulnerability, which was classified as critical, was found in LB-LINK BL-AC3600 up to 1.0.22.... Moderate Unreviewed
CVE-2025-7565 was published Jul 14, 2025
Jenkins Applitools Eyes Plugin vulnerability does not mask API keys on its job configuration form Moderate
CVE-2025-53743 was published for org.jenkins-ci.plugins:applitools-eyes (Maven) Jul 9, 2025
Jenkins Apica Loadtest Plugin vulnerability exposes authentication tokens Moderate
CVE-2025-53665 was published for com.apica:ApicaLoadtest (Maven) Jul 9, 2025
Jenkins IBM Cloud DevOps Plugin vulnerability exposes SonarQube authentication tokens Moderate
CVE-2025-53663 was published for com.ibm.devops:ibm-cloud-devops (Maven) Jul 9, 2025
Jenkins ReadyAPI Functional Testing Plugin vulnerability exposes secrets Moderate
CVE-2025-53657 was published for org.jenkins-ci.plugins:soapui-pro-functional-testing (Maven) Jul 9, 2025
Jenkins IFTTT Build Notifier Plugin vulnerability exposes IFTTT Maker Channel Keys Moderate
CVE-2025-53662 was published for org.jenkins-ci.plugins:ifttt-build-notifier (Maven) Jul 9, 2025
Jenkins Apica Loadtest Plugin vulnerability exposes authentication tokens Moderate
CVE-2025-53664 was published for com.apica:ApicaLoadtest (Maven) Jul 9, 2025
Jenkins QMetry Test Management Plugin vulnerability exposes API keys Moderate
CVE-2025-53660 was published for org.jenkins-ci.plugins:qmetry-test-management (Maven) Jul 9, 2025
Jenkins ReadyAPI Functional Testing Plugin vulnerability stores unencrypted authentication credentials Moderate
CVE-2025-53656 was published for org.jenkins-ci.plugins:soapui-pro-functional-testing (Maven) Jul 9, 2025
Jenkins Dead Man's Snitch Plugin vulnerability does not mask tokens Moderate
CVE-2025-53667 was published for org.jenkins-ci.plugins:deadmanssnitch (Maven) Jul 9, 2025
Jenkins Dead Man's Snitch Plugin vulnerability stores tokens in plain text Moderate
CVE-2025-53666 was published for org.jenkins-ci.plugins:deadmanssnitch (Maven) Jul 9, 2025
Jenkins Aqua Security Scanner Plugin vulnerability exposes scanner tokens Moderate
CVE-2025-53653 was published for org.jenkins-ci.plugins:aqua-security-scanner (Maven) Jul 9, 2025
Jenkins Statistics Gatherer Plugin vulnerability exposes AWS Secret Key Moderate
CVE-2025-53654 was published for org.jenkins.plugins.statistics.gatherer:statistics-gatherer (Maven) Jul 9, 2025
Jenkins Credentials Binding Plugin vulnerability can expose sensitive information in logger messages Moderate
CVE-2025-53650 was published for org.jenkins-ci.plugins:credentials-binding (Maven) Jul 9, 2025
Extraction of Account Connectivity Credentials (ACCs) from the IT Management Agent secure storage Moderate Unreviewed
CVE-2025-24508 was published Jul 7, 2025
Insufficiently Protected Credentials in LDAP in Konica Minolta bizhub 227 Multifunction printers... Moderate Unreviewed
CVE-2025-6081 was published Jul 1, 2025
An authenticated attacker can reconfigure the target device to use an external service (such as... Moderate Unreviewed
CVE-2024-51984 was published Jun 26, 2025
A password is exposed locally. Moderate Unreviewed
CVE-2025-35941 was published Jun 11, 2025
Requests vulnerable to .netrc credentials leak via malicious URLs Moderate
CVE-2024-47081 was published for requests (pip) Jun 9, 2025
sethmlarson jupenur
nateprewitt sigmavirus24
IBM Controller 11.0.0, 11.0.1, and 11.1.0 application could allow an authenticated user to obtain... Moderate Unreviewed
CVE-2025-33079 was published May 27, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database