Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,904
Erlang
38
GitHub Actions
38
Go
2,566
Maven
5,000+
npm
4,237
NuGet
753
pip
4,001
Pub
12
RubyGems
953
Rust
1,042
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,192 advisories

Loading
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a credential leakage which could... Moderate Unreviewed
CVE-2024-42192 was published Oct 16, 2025
Argo Workflow may expose artifact repository credentials High
CVE-2025-62157 was published for github.com/argoproj/argo-workflows/v3 (Go) Oct 14, 2025
r0binak
Credited to r0binak
E3 Site Supervisor (firmware version < 2.31F01) has a default admin user "ONEDAY" with a daily... Critical Unreviewed
CVE-2025-6519 was published Oct 10, 2025
Insufficiently Protected Credentials in the Crowdstrike connector can lead to Crowdstrike... Moderate Unreviewed
CVE-2025-37728 was published Oct 7, 2025
The LDAP 'Bind password' value cannot be read after saving, but a Super Admin account can leak it... Moderate Unreviewed
CVE-2025-27231 was published Oct 3, 2025
E3 Site Supervisor Control (firmware version < 2.31F01) RCI service contains an API call to read... High Unreviewed
CVE-2025-52545 was published Oct 1, 2025
E3 Site Supervisor Control (firmware version < 2.31F01) generates the root linux password on each... Critical Unreviewed
CVE-2025-52549 was published Oct 1, 2025
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and... Critical Unreviewed
CVE-2025-34196 was published Sep 29, 2025
All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials... High Unreviewed
CVE-2025-10879 was published Sep 25, 2025
All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials... High Unreviewed
CVE-2025-10880 was published Sep 25, 2025
Ericsson Indoor Connect 8855 contains a vulnerability where server-side security can be bypassed... Low Unreviewed
CVE-2025-40838 was published Sep 25, 2025
In Puppet Enterprise versions 2025.4.0 and 2025.5, the encryption key used for encrypting content... Moderate Unreviewed
CVE-2025-10360 was published Sep 24, 2025
The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to gain access to a... High Unreviewed
CVE-2025-23342 was published Sep 9, 2025
When a user logs in via SAP Business One native client, the SLD backend service fails to enforce... High Unreviewed
CVE-2025-42933 was published Sep 9, 2025
An authenticated, low-privileged attacker can obtain credentials stored on the charge controller... High Unreviewed
CVE-2025-41682 was published Sep 8, 2025
NeuVector process with sensitive arguments lead to leakage Moderate
CVE-2025-54467 was published for github.com/neuvector/neuvector (Go) Aug 28, 2025
An issue in PDQ Smart Deploy V.3.0.2040 allows an attacker to escalate privileges via the... Critical Unreviewed
CVE-2025-52095 was published Aug 22, 2025
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.3).... Moderate Unreviewed
CVE-2025-40751 was published Aug 12, 2025
Insufficiently Protected Credentials vulnerability in ABB Aspect.This issue affects Aspect:... High Unreviewed
CVE-2025-53188 was published Aug 11, 2025
Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 has... Moderate Unreviewed
CVE-2025-54394 was published Aug 7, 2025
Dell Digital Delivery, versions prior to 5.6.1.0, contains an Insufficiently Protected... High Unreviewed
CVE-2025-38739 was published Aug 4, 2025
Access to TSplus Remote Access Admin Tool is restricted to administrators (unless "Disable UAC"... Moderate Unreviewed
CVE-2025-5922 was published Jul 29, 2025
Opencast still publishes global system account credentials Moderate
CVE-2025-54380 was published for org.opencastproject:opencast-common (Maven) Jul 25, 2025
lkiesow
Credited to lkiesow
Mattermost has Insufficiently Protected Credentials Low
CVE-2025-6227 was published for github.com/mattermost/mattermost-server (Go) Jul 18, 2025
A vulnerability, which was classified as critical, was found in LB-LINK BL-AC3600 up to 1.0.22.... Moderate Unreviewed
CVE-2025-7565 was published Jul 14, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database