Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,406
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,641
Pub
13
RubyGems
1,026
Rust
1,209
Swift
53
Unreviewed advisories
All unreviewed
5,000+

506 advisories

Loading
Antrea has Missing Encryption of Sensitive Data High
CVE-2026-34992 was published for antrea.io/antrea (Go) Apr 3, 2026
antoninbas Credited to antoninbas and xliuxu xliuxu xliuxu
Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure Critical
CVE-2026-27944 was published for github.com/0xJacky/Nginx-UI (Go) Mar 5, 2026
tenbbughunters Credited to tenbbughunters
Rancher's weave CNI password is not configured when a cluster is created from an RKE template Moderate
CVE-2022-21951 was published for github.com/rancher/rancher (Go) Mar 3, 2026
Some VX800v v1.0 web interface endpoints transmit sensitive information over unencrypted HTTP due... Moderate Unreviewed
CVE-2025-15548 was published Jan 29, 2026
A potential vulnerability was reported in some ThinkPlus USB drives that could allow a user with... High Unreviewed
CVE-2025-13453 was published Jan 15, 2026
Encryption is missing on the configuration interface for Growatt ShineLan-X and MIC 3300TL-X.... Critical Unreviewed
CVE-2025-36751 was published Dec 13, 2025
When a user configures the NAS to retrieve UPS status or control the UPS, a non-enforced TLS... High Unreviewed
CVE-2025-13053 was published Dec 12, 2025
The firmware on the basestation of the Meatmeet is not encrypted. An adversary with physical... Moderate Unreviewed
CVE-2025-65825 was published Dec 10, 2025
Jenkins Curseforge Publisher Plugin does not mask API Keys displayed on the job configuration form Moderate
CVE-2025-64147 was published for org.jenkins-ci.plugins:curseforge-publisher (Maven) Oct 29, 2025
Jenkins OpenShift Pipeline Plugin stores authorization tokens unencrypted in job config.xml files Moderate
CVE-2025-64143 was published for com.openshift.jenkins:openshift-pipeline (Maven) Oct 29, 2025
Jenkins Curseforge Publisher Plugin stores API Keys unencrypted in job config.xml files Moderate
CVE-2025-64146 was published for org.jenkins-ci.plugins:curseforge-publisher (Maven) Oct 29, 2025
Jenkins ByteGuard Build Actions Plugin stores API tokens unencrypted in job config.xml files Moderate
CVE-2025-64144 was published for io.jenkins.plugins:byteguard-build-actions (Maven) Oct 29, 2025
Jenkins ByteGuard Build Actions Plugin does not mask API tokens displayed on the job configuration form Moderate
CVE-2025-64145 was published for io.jenkins.plugins:byteguard-build-actions (Maven) Oct 29, 2025
An insecure implementation of the proprietary protocol DNET in Product CGM MEDICO allows... High Unreviewed
CVE-2025-48981 was published Oct 8, 2025
DragonFly's tiny file download uses hard coded HTTP protocol Moderate
CVE-2025-59410 was published for d7y.io/dragonfly/v2 (Go) Sep 17, 2025
gaius-qi Credited to gaius-qi
Missing Encryption of Sensitive Data (CWE-311) in the Object Archive component in AxxonSoft Axxon... Moderate Unreviewed
CVE-2025-10227 was published Sep 10, 2025
HCL BigFix SM is affected by cryptographic weakness due to weak or outdated encryption algorithms... Moderate Unreviewed
CVE-2025-31977 was published Aug 28, 2025
Ambiguous wording in the web interface of the ctrlX OS setup mechanism could lead the user to... High Unreviewed
CVE-2025-48862 was published Aug 14, 2025
A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >=... Moderate Unreviewed
CVE-2024-41982 was published Aug 12, 2025
A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >=... Low Unreviewed
CVE-2024-41980 was published Aug 12, 2025
pyjwt v2.10.1 was discovered to contain weak encryption. High Unreviewed
CVE-2025-45768 was published Jul 31, 2025
A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS... Moderate Unreviewed
CVE-2025-43274 was published Jul 30, 2025
Lack of sensitive data encryption in CapillaryScope v2.5.0 of Capillary io, which stores both the... Moderate Unreviewed
CVE-2025-40680 was published Jul 25, 2025
IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 transmits sensitive information... Moderate Unreviewed
CVE-2025-33020 was published Jul 23, 2025
IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could be vulnerable to information... Moderate Unreviewed
CVE-2025-36062 was published Jul 21, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database