GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,287 advisories

Firmware update files may expose password hashes for system accounts, which could allow a remote...
Moderate, Unreviewed. CVE-2026-22911 was published Jan 15, 2026

MTPutty 1.0.1.21 contains a sensitive information disclosure vulnerability that allows local...
Moderate, Unreviewed. CVE-2021-47759 was published Jan 15, 2026

Skipper is vulnerable to arbitrary code execution through lua filters
High. CVE-2026-23742 was published for github.com/zalando/skipper (Go) Jan 16, 2026

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Insufficiently Protected...
Moderate, Unreviewed. CVE-2026-1223 was published Jan 20, 2026

Insufficiently Protected Credentials vulnerability in the Credential Field of Milner...
High, Unreviewed. CVE-2025-58741 was published Jan 21, 2026

Insufficiently Protected Credentials, Improper Restriction of Communication Channel to Intended...
High, Unreviewed. CVE-2025-58742 was published Jan 21, 2026

Claude Code Leaks Data via Malicious Environment Configuration Before Trust Confirmation
Moderate. CVE-2026-21852 was published for @anthropic-ai/claude-code (npm) Jan 21, 2026

Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a...
Low, Unreviewed. CVE-2025-9521 was published Jan 26, 2026

M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to...
High, Unreviewed. CVE-2020-36968 was published Jan 28, 2026

malcontent OCI image pull credential exfiltration via malicious registry token realm
Moderate. CVE-2026-24845 was published for github.com/chainguard-dev/malcontent (Go) Jan 29, 2026

HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field...
Low, Unreviewed. CVE-2025-52623 was published Feb 3, 2026

Edimax EW-7438RPn 1.13 contains an information disclosure vulnerability that exposes WiFi network...
High, Unreviewed. CVE-2020-37097 was published Feb 4, 2026

n8n's domain allowlist bypass enables credential exfiltration
Moderate. CVE-2026-25631 was published for n8n (npm) Feb 4, 2026

EVE Doesn't Measure Config Partition From 2 Fronts
Moderate. CVE-2023-43630 was published for github.com/lf-edge/eve (Go) Feb 4, 2026

EVE: SSH as Root Unlockable Without Triggering Measured Boot
Moderate. CVE-2023-43631 was published for github.com/lf-edge/eve (Go) Feb 4, 2026

EVE's Debug Functions Unlockable Without Triggering Measured Boot
Moderate. CVE-2023-43633 was published for github.com/lf-edge/eve (Go) Feb 4, 2026

EVE Doesn't Protect Config Partition with Measured Boot
Moderate. CVE-2023-43634 was published for github.com/lf-edge/eve (Go) Feb 4, 2026

EVE Seals Vault Key With SHA1 PCRs
Moderate. CVE-2023-43635 was published for github.com/lf-edge/eve (Go) Feb 4, 2026

YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the...
Low, Unreviewed. CVE-2026-1966 was published Feb 5, 2026

Moxa Arm-based industrial computers running Moxa Industrial Linux Secure use a device-unique...
High, Unreviewed. CVE-2026-0715 was published Feb 5, 2026

NeuVector scanner insecurely handles passwords as command arguments
Low. CVE-2025-67860 was published for github.com/neuvector/scanner (Go) Feb 12, 2026

OpenClaw: Telegram bot token exposure via logs
Moderate. CVE-2026-27003 was published for openclaw (npm) Feb 18, 2026

The web management interface of the device renders the passwords in a plaintext input field. The...
Moderate, Unreviewed. CVE-2026-26049 was published Feb 20, 2026

Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
Moderate, Unreviewed. CVE-2026-20733 was published Feb 27, 2026

Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
Moderate, Unreviewed. CVE-2026-22890 was published Feb 27, 2026