GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
271 advisories
Some VX800v v1.0 web interface endpoints transmit sensitive information over unencrypted HTTP due...
Moderate
Unreviewed
CVE-2025-15548
was published
Jan 29, 2026
A potential vulnerability was reported in some ThinkPlus USB drives that could allow a user with...
High
Unreviewed
CVE-2025-13453
was published
Jan 15, 2026
Encryption is missing on the configuration interface for Growatt ShineLan-X and MIC 3300TL-X....
Critical
Unreviewed
CVE-2025-36751
was published
Dec 13, 2025
When a user configures the NAS to retrieve UPS status or control the UPS, a non-enforced TLS...
High
Unreviewed
CVE-2025-13053
was published
Dec 12, 2025
The firmware on the basestation of the Meatmeet is not encrypted. An adversary with physical...
Moderate
Unreviewed
CVE-2025-65825
was published
Dec 10, 2025
An insecure implementation of the proprietary protocol DNET in Product CGM MEDICO allows...
High
Unreviewed
CVE-2025-48981
was published
Oct 8, 2025
Missing Encryption of Sensitive Data (CWE-311) in the Object Archive component in AxxonSoft Axxon...
Moderate
Unreviewed
CVE-2025-10227
was published
Sep 10, 2025
HCL BigFix SM is affected by cryptographic weakness due to weak or outdated encryption algorithms...
Moderate
Unreviewed
CVE-2025-31977
was published
Aug 28, 2025
Ambiguous wording in the web interface of the ctrlX OS setup mechanism could lead the user to...
High
Unreviewed
CVE-2025-48862
was published
Aug 14, 2025
A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >=...
Low
Unreviewed
CVE-2024-41980
was published
Aug 12, 2025
A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >=...
Moderate
Unreviewed
CVE-2024-41982
was published
Aug 12, 2025
pyjwt v2.10.1 was discovered to contain weak encryption.
High
Unreviewed
CVE-2025-45768
was published
Jul 31, 2025
A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS...
Moderate
Unreviewed
CVE-2025-43274
was published
Jul 30, 2025
Lack of sensitive data encryption in CapillaryScope v2.5.0 of Capillary io, which stores both the...
Moderate
Unreviewed
CVE-2025-40680
was published
Jul 25, 2025
IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 transmits sensitive information...
Moderate
Unreviewed
CVE-2025-33020
was published
Jul 23, 2025
IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could be vulnerable to information...
Moderate
Unreviewed
CVE-2025-36062
was published
Jul 21, 2025
An issue was discovered in Kaseya Rapid Fire Tools Network Detective through 2.0.16.0. A...
High
Unreviewed
CVE-2025-32874
was published
Jul 16, 2025
git-annex had a bug in the S3 and Glacier remotes where if embedcreds=yes was set, and the remote...
High
Unreviewed
CVE-2014-6274
was published
Jun 26, 2025
A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions),...
High
Unreviewed
CVE-2025-24008
was published
May 13, 2025
Milestone Systems has discovered a security vulnerability in Milestone XProtect installer that...
Moderate
Unreviewed
CVE-2025-1688
was published
Apr 15, 2025
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2...
Moderate
Unreviewed
CVE-2023-37405
was published
Mar 27, 2025
A local user may find a configuration file on the client workstation with unencrypted sensitive...
High
Unreviewed
CVE-2024-23942
was published
Mar 18, 2025
IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI could allow a remote...
Moderate
Unreviewed
CVE-2024-38325
was published
Jan 27, 2025
IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to obtain sensitive...
Moderate
Unreviewed
CVE-2024-41757
was published
Jan 24, 2025
On Arista CloudVision Appliance (CVA) affected releases running on appliances that support...
Moderate
Unreviewed
CVE-2024-7142
was published
Jan 11, 2025