Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,614
Maven
5,000+
npm
4,254
NuGet
760
pip
4,032
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

651 advisories

Loading
The web server of the device performs exchanges of sensitive information in clear text through an... High Unreviewed
CVE-2025-64389 was published Oct 31, 2025
Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the cluster manager... High Unreviewed
CVE-2025-34271 was published Oct 31, 2025
All WorkExaminer Professional traffic between monitoring client, console and server is... High Unreviewed
CVE-2025-10641 was published Oct 21, 2025
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 transmits... Low Unreviewed
CVE-2025-62643 was published Oct 17, 2025
In the ConnectWise Automate Agent, communications could be configured to use HTTP instead of... Critical Unreviewed
CVE-2025-11492 was published Oct 16, 2025
Cleartext transmission of sensitive information in Windows Hello allows an unauthorized attacker... High Unreviewed
CVE-2025-53139 was published Oct 14, 2025
A cleartext transmission of sensitive information vulnerability in the affected products allows... High Unreviewed
CVE-2025-41718 was published Oct 14, 2025
A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. This affects an unknown function... Low Unreviewed
CVE-2025-11640 was published Oct 12, 2025
Components of the YoSmart YoLink ecosystem through 2025-10-02 leverage unencrypted MQTT to... Moderate Unreviewed
CVE-2025-59448 was published Oct 6, 2025
The Flock Safety Pisco com.flocksafety.android.pisco application 6.21.11 for Android (installed... Moderate Unreviewed
CVE-2025-59406 was published Oct 2, 2025
IBM Aspera HTTP Gateway 2.0.0 through 2.3.1 stores sensitive information in clear text in easily... High Unreviewed
CVE-2025-36274 was published Sep 26, 2025
iMonitor EAM 9.6394 transmits communication between the EAM client agent and the EAM server, as... Moderate Unreviewed
CVE-2025-10540 was published Sep 25, 2025
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1049 and... Critical Unreviewed
CVE-2025-34199 was published Sep 19, 2025
Cognex In-Sight Explorer and In-Sight Camera Firmware expose a proprietary protocol on TCP port... High Unreviewed
CVE-2025-54818 was published Sep 19, 2025
An adjacent attacker without authentication can exploit this vulnerability to retrieve a set of... High Unreviewed
CVE-2025-47698 was published Sep 18, 2025
Cleartext Transmission of Sensitive Information vulnerability in Dolusoft Omaspot allows... Critical Unreviewed
CVE-2025-7743 was published Sep 16, 2025
An issue was discovered in the method push.lite.avtech.com.AvtechLib.GetHttpsResponse in AVTECH... High Unreviewed
CVE-2025-50110 was published Sep 15, 2025
Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An... High Unreviewed
CVE-2025-41708 was published Sep 8, 2025
HCL BigFix SM is affected by a Sensitive Information Exposure vulnerability where internal... Moderate Unreviewed
CVE-2025-31972 was published Aug 28, 2025
Aikaan IoT management platform v3.25.0325-5-g2e9c59796 sends a newly generated password to users... High Unreviewed
CVE-2025-52351 was published Aug 21, 2025
The StrongDM Client insufficiently protected a pre-authentication token. Attackers could exploit... High Unreviewed
CVE-2025-6180 was published Aug 20, 2025
In JetBrains IntelliJ IDEA before 2025.2 credentials disclosure was possible via remote reference Moderate Unreviewed
CVE-2025-57727 was published Aug 20, 2025
The Sante PACS Server Web Portal sends credential information without encryption. Critical Unreviewed
CVE-2025-54156 was published Aug 19, 2025
YugabyteDB diagnostic information was transmitted over HTTP, which could expose sensitive data... High Unreviewed
CVE-2025-8863 was published Aug 11, 2025
The MOD3 command traffic between the monitoring application and the inverter is transmitted in... High Unreviewed
CVE-2025-52586 was published Aug 8, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database