GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
507 advisories
Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026...
Unknown | Unreviewed | CVE-2026-34486 was published | Apr 9, 2026

Antrea has Missing Encryption of Sensitive Data
High | CVE-2026-34992 was published for antrea.io/antrea (Go) | Apr 3, 2026

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow a remote attacker to...
Moderate | Unreviewed | CVE-2021-39090 was published | Feb 29, 2024

Comarch ERP XL client is vulnerable to MS SQL protocol downgrade request from a server side, what...
High | Unreviewed | CVE-2023-4537 was published | Feb 15, 2024

B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography...
High | Unreviewed | CVE-2024-0220 was published | Feb 22, 2024

Unencrypted ingress/health traffic when using Wireguard transparent encryption
Moderate | CVE-2024-25630 was published for github.com/cilium/cilium (Go) | Feb 20, 2024

Unencrypted traffic between pods when using Wireguard and an external kvstore
Moderate | CVE-2024-25631 was published for github.com/cilium/cilium (Go) | Feb 20, 2024

IBM Watson CP4D Data Stores 4.6.0, 4.6.1, 4.6.2, and 4.6.3 does not encrypt sensitive or critical...
Moderate | Unreviewed | CVE-2023-27291 was published | Mar 3, 2024

Some VX800v v1.0 web interface endpoints transmit sensitive information over unencrypted HTTP due...
Moderate | Unreviewed | CVE-2025-15548 was published | Jan 29, 2026

Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure
Critical | CVE-2026-27944 was published for github.com/0xJacky/Nginx-UI (Go) | Mar 5, 2026

Rancher's weave CNI password is not configured when a cluster is created from an RKE template
Moderate | CVE-2022-21951 was published for github.com/rancher/rancher (Go) | Mar 3, 2026

Mattermost Server SAML implementation does not require encryption or signature verification as default
High | CVE-2017-18909 was published for github.com/mattermost/mattermost-server (Go) | May 24, 2022

When a user configures the NAS to retrieve UPS status or control the UPS, a non-enforced TLS...
High | Unreviewed | CVE-2025-13053 was published | Dec 12, 2025

A potential vulnerability was reported in some ThinkPlus USB drives that could allow a user with...
High | Unreviewed | CVE-2025-13453 was published | Jan 15, 2026

Encryption is missing on the configuration interface for Growatt ShineLan-X and MIC 3300TL-X....
Critical | Unreviewed | CVE-2025-36751 was published | Dec 13, 2025

The firmware on the basestation of the Meatmeet is not encrypted. An adversary with physical...
Moderate | Unreviewed | CVE-2025-65825 was published | Dec 10, 2025

An issue was discovered in Kaseya Rapid Fire Tools Network Detective through 2.0.16.0. A...
High | Unreviewed | CVE-2025-32874 was published | Jul 16, 2025

Jenkins Curseforge Publisher Plugin does not mask API Keys displayed on the job configuration form
Moderate | CVE-2025-64147 was published for org.jenkins-ci.plugins:curseforge-publisher (Maven) | Oct 29, 2025

Jenkins Curseforge Publisher Plugin stores API Keys unencrypted in job config.xml files
Moderate | CVE-2025-64146 was published for org.jenkins-ci.plugins:curseforge-publisher (Maven) | Oct 29, 2025

Jenkins ByteGuard Build Actions Plugin does not mask API tokens displayed on the job configuration form
Moderate | CVE-2025-64145 was published for io.jenkins.plugins:byteguard-build-actions (Maven) | Oct 29, 2025

Jenkins ByteGuard Build Actions Plugin stores API tokens unencrypted in job config.xml files
Moderate | CVE-2025-64144 was published for io.jenkins.plugins:byteguard-build-actions (Maven) | Oct 29, 2025

Jenkins OpenShift Pipeline Plugin stores authorization tokens unencrypted in job config.xml files
Moderate | CVE-2025-64143 was published for com.openshift.jenkins:openshift-pipeline (Maven) | Oct 29, 2025

Jenkins User1st uTester Plugin vulnerability exposes unencrypted token to authenticated users
Low | CVE-2025-53678 was published for io.jenkins.plugins:user1st-utester (Maven) | Jul 9, 2025

Jenkins Xooa Plugin vulnerability exposes unencrypted tokens to authenticated users
Moderate | CVE-2025-53676 was published for io.jenkins.plugins:xooa (Maven) | Jul 9, 2025

Jenkins Sensedia API Platform Plugin vulnerability exposes unencrypted tokens in its global configuration file
Moderate | CVE-2025-53673 was published for org.jenkins-ci.plugins:sensedia-api-platform (Maven) | Jul 9, 2025