GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,738
NuGet
663
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
541 advisories
Filter by severity
IBM Cognos Analytics Mobile for Android 1.1.14 uses weaker than expected cryptographic algorithms...
Moderate
Unreviewed
CVE-2021-39081
was published
Dec 19, 2024
Unencrypted traffic between pods when using Wireguard and an external kvstore
Moderate
CVE-2024-25631
was published
for
github.com/cilium/cilium
(Go)
Feb 20, 2024
Unencrypted ingress/health traffic when using Wireguard transparent encryption
Moderate
CVE-2024-25630
was published
for
github.com/cilium/cilium
(Go)
Feb 20, 2024
Keycloak vulnerable to Cleartext Transmission of Sensitive Information
Moderate
CVE-2024-10973
was published
for
org.keycloak:keycloak-quarkus-server
(Maven)
Dec 18, 2024
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote...
Low
Unreviewed
CVE-2024-49820
was published
Dec 17, 2024
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote...
Moderate
Unreviewed
CVE-2024-49819
was published
Dec 17, 2024
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions...
Moderate
Unreviewed
CVE-2024-53246
was published
Dec 10, 2024
Webservice API endpoints for Assisted Service Module within SAP Commerce Cloud has information...
Low
Unreviewed
CVE-2024-47577
was published
Dec 10, 2024
Web browser interface may manipulate application username/password in clear text or Base64...
High
Unreviewed
CVE-2024-6515
was published
Dec 5, 2024
IBM Cognos Controller 11.0.0 and 11.0.1 could allow a remote attacker to obtain sensitive...
Moderate
Unreviewed
CVE-2021-29892
was published
Dec 3, 2024
In affected versions of Octopus Server under certain circumstances it is possible for sensitive...
Moderate
Unreviewed
CVE-2024-6972
was published
Jul 25, 2024
NASA AIT-Core vulnerable to remote code execution
Critical
CVE-2024-35057
was published
for
ait-core
(pip)
May 21, 2024
NASA AIT-Core vulnerable to remote code execution
Critical
CVE-2024-35058
was published
for
ait-core
(pip)
May 21, 2024
Improper data protection on the ventilator's serial interface could allow an attacker to send and...
Critical
Unreviewed
CVE-2024-9834
was published
Nov 14, 2024
Cleartext transmission of sensitive information for some BigDL software maintained by Intel(R)...
Moderate
Unreviewed
CVE-2024-28169
was published
Nov 13, 2024
A vulnerability in a weak JWT token in Watcharr v1.43.0 and below allows attackers to perform...
High
Unreviewed
CVE-2024-50634
was published
Nov 8, 2024
Moodle authorization headers preserved between "emulated redirects"
Low
CVE-2024-43432
was published
for
moodle/moodle
(Composer)
Nov 11, 2024
Johan Fagerström, member of the AXIS OS Bug Bounty Program, has found that a O3C feature may...
Moderate
Unreviewed
CVE-2024-0066
was published
Jun 18, 2024
An issue was discovered on certain Nuki Home Solutions devices. The HTTP API exposed by a Bridge...
High
Unreviewed
CVE-2022-32510
was published
May 14, 2024
It is possible for an API key to be logged in clear text in the audit log file after an invalid...
Moderate
Unreviewed
CVE-2023-4509
was published
Apr 18, 2024
Secret file credentials stored unencrypted in rare cases by Plain Credentials Plugin
Moderate
CVE-2024-39459
was published
for
org.jenkins-ci.plugins:plain-credentials
(Maven)
Jun 26, 2024
ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of...
Moderate
Unreviewed
CVE-2024-50624
was published
Oct 28, 2024
An Information Disclosure vulnerability in the Telemetry component in TP-Link Kasa KP125M V1.0.0...
Moderate
Unreviewed
CVE-2024-35495
was published
Sep 30, 2024
A vulnerability in the LevelOne WBR-6012 router's firmware version R0.40e6 allows sensitive...
Moderate
Unreviewed
CVE-2024-32946
was published
Oct 30, 2024
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can...
Critical
Unreviewed
CVE-2024-25735
was published
Mar 27, 2024
ProTip!
Advisories are also available from the
GraphQL API