GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,963
Erlang: 39
GitHub Actions: 38
Go: 2,615
Maven: 5,000+
npm: 4,255
NuGet: 760
pip: 4,036
Pub: 12
RubyGems: 953
Rust: 1,049
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
936 advisories
This vulnerability allows an attacker to access parts of the application that are not protected...
Moderate
Unreviewed
CVE-2025-12461
was published
Oct 29, 2025
Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 stores authentication...
High
Unreviewed
CVE-2025-54808
was published
Oct 23, 2025
The Group Policy implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2...
High
Unreviewed
CVE-2014-1812
was published
May 14, 2022
Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021.
Critical
Unreviewed
CVE-2021-30116
was published
May 24, 2022
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an...
High
Unreviewed
CVE-2020-29583
was published
May 24, 2022
Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity...
Critical
Unreviewed
CVE-2017-9248
was published
May 13, 2022
An information disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker...
High
Unreviewed
CVE-2021-40655
was published
May 24, 2022
An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded...
Moderate
Unreviewed
CVE-2020-8657
was published
May 24, 2022
The Sante PACS Server Web Portal sends credential information without encryption.
Critical
Unreviewed
CVE-2025-54156
was published
Aug 19, 2025
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a credential leakage which could...
Moderate
Unreviewed
CVE-2024-42192
was published
Oct 16, 2025
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and...
Critical
Unreviewed
CVE-2025-34196
was published
Sep 29, 2025
In version 0.0.14 of transformeroptimus/superagi, the API endpoint `/api/users/get/{id}` returns...
Moderate
Unreviewed
CVE-2024-9418
was published
Mar 20, 2025
E3 Site Supervisor (firmware version < 2.31F01) has a default admin user "ONEDAY" with a daily...
Critical
Unreviewed
CVE-2025-6519
was published
Oct 10, 2025
The LDAP 'Bind password' value cannot be read after saving, but a Super Admin account can leak it...
Moderate
Unreviewed
CVE-2025-27231
was published
Oct 3, 2025
Insufficiently Protected Credentials in the Crowdstrike connector can lead to Crowdstrike...
Moderate
Unreviewed
CVE-2025-37728
was published
Oct 7, 2025
Unsafe password recovery from configuration in M-Files Server before 25.1 allows a highly...
Moderate
Unreviewed
CVE-2025-0619
was published
Jan 23, 2025
Ericsson Indoor Connect 8855 contains a vulnerability where server-side security can be bypassed...
Low
Unreviewed
CVE-2025-40838
was published
Sep 25, 2025
E3 Site Supervisor Control (firmware version < 2.31F01) RCI service contains an API call to read...
High
Unreviewed
CVE-2025-52545
was published
Oct 1, 2025
E3 Site Supervisor Control (firmware version < 2.31F01) generates the root linux password on each...
Critical
Unreviewed
CVE-2025-52549
was published
Oct 1, 2025
Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access...
Moderate
Unreviewed
CVE-2025-2394
was published
May 23, 2025
All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials...
High
Unreviewed
CVE-2025-10880
was published
Sep 25, 2025
All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials...
High
Unreviewed
CVE-2025-10879
was published
Sep 25, 2025
In Puppet Enterprise versions 2025.4.0 and 2025.5, the encryption key used for encrypting content...
Moderate
Unreviewed
CVE-2025-10360
was published
Sep 24, 2025
TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with...
Low
Unreviewed
CVE-2024-45744
was published
Sep 27, 2024
Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password...
Moderate
Unreviewed
CVE-2014-0755
was published
May 17, 2022
ProTip! Advisories are also available from the GraphQL API.