Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,606
Maven
5,000+
npm
5,000+
NuGet
924
pip
4,831
Pub
13
RubyGems
1,045
Rust
1,256
Swift
53
Unreviewed advisories
All unreviewed
5,000+

216 advisories

Loading
Langflow has an Information Leak through Incomplete API Key Redaction Low
CVE-2026-6597 was published for langflow (pip) Apr 20, 2026
Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. ... Critical Unreviewed
CVE-2025-15624 was published Apr 17, 2026
A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684... High Unreviewed
CVE-2021-47961 was published Apr 10, 2026
OpenPLC_V3 is vulnerable to a Plaintext Storage of a Password vulnerability that could allow an... Critical Unreviewed
CVE-2026-35556 was published Apr 9, 2026
openssl-encrypt has visible password in process list via --password CLI argument Moderate
GHSA-h3m5-p59h-x88p was published for openssl-encrypt (pip) Mar 31, 2026
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and... High Unreviewed
CVE-2025-36258 was published Mar 25, 2026
NATS has MQTT plaintext password disclosure High
CVE-2026-33216 was published for github.com/nats-io/nats-server (Go) Mar 24, 2026
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores sensitive information,... Moderate Unreviewed
CVE-2026-31850 was published Mar 23, 2026
Dell Device Management Agent (DDMA), versions prior to 26.02, contain a Plaintext Storage of... Moderate Unreviewed
CVE-2026-22285 was published Mar 4, 2026
An issue in the reset_pj.cgi endpoint of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows... High Unreviewed
CVE-2024-55026 was published Mar 3, 2026
NocoDB has Plaintext Storage of Shared View Passwords Low
CVE-2026-28360 was published for nocodb (npm) Mar 2, 2026
Tulgaaaaaaaa Credited to Tulgaaaaaaaa
Hardcoded Email Credentials Saved as Plaintext in Firmware (CWE-256: Plaintext Storage of a... Moderate Unreviewed
CVE-2026-21660 was published Feb 27, 2026
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1... Moderate Unreviewed
CVE-2025-36425 was published Feb 17, 2026
In Quick.Cart user passwords are stored in plaintext form. An attacker with high privileges can... Moderate Unreviewed
CVE-2026-23797 was published Feb 5, 2026
GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all... High Unreviewed
CVE-2020-37115 was published Feb 3, 2026
Brocade SANnav before Brocade SANnav 2.4.0b logs database passwords in clear text in the standby... Moderate Unreviewed
CVE-2025-12680 was published Feb 3, 2026
Dell CloudBoost Virtual Appliance, versions prior to 19.14.0.0, contains a Plaintext Storage of... High Unreviewed
CVE-2026-21417 was published Jan 27, 2026
An attacker could decrypt sensitive data, impersonate legitimate users or devices, and... Moderate Unreviewed
CVE-2025-25051 was published Jan 23, 2026
Ksenia Security Lares 4.0 Home Automation version 1.6 contains an unprotected endpoint... High Unreviewed
CVE-2025-15113 was published Dec 31, 2025
Beward Intercom 2.3.1 contains a credentials disclosure vulnerability that allows local attackers... Moderate Unreviewed
CVE-2018-25130 was published Dec 24, 2025
Turms Server v0.10.0-SNAPSHOT and earlier contains a plaintext password storage vulnerability in... Moderate Unreviewed
CVE-2025-66910 was published Dec 19, 2025
In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) admin password is stored in... High Unreviewed
CVE-2025-65009 was published Dec 18, 2025
HCL Workload Scheduler stores user credentials in plain text which can be read by a local user. Moderate Unreviewed
CVE-2024-42197 was published Dec 11, 2025
Plaintext password storage in Kotaemon 0.11.0 in the client's localStorage. High Unreviewed
CVE-2025-56527 was published Nov 18, 2025
A vulnerability exists in QuickCMS version 6.8 where sensitive admin credentials are hardcoded in... Moderate Unreviewed
CVE-2025-9982 was published Nov 14, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database