Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,606
Maven
5,000+
npm
5,000+
NuGet
924
pip
4,831
Pub
13
RubyGems
1,045
Rust
1,256
Swift
53
Unreviewed advisories
All unreviewed
5,000+

423 advisories

Loading
Dell PowerProtect Data Domain BoostFS for client of Feature Release versions 7.7.1.0 through 8.5,... High Unreviewed
CVE-2025-36568 was published Apr 17, 2026
Flowise: Sensitive Data Leak in public-chatbotConfig High
CVE-2026-41266 was published for flowise (npm) Apr 16, 2026
DenizParlak Credited to DenizParlak
Kyverno apiCall automatically forwards ServiceAccount token to external endpoints (credential leak) High
GHSA-8wfp-579w-6r25 was published for github.com/kyverno/kyverno (Go) Apr 16, 2026
scumfrog Credited to scumfrog
Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate... High Unreviewed
CVE-2026-32171 was published Apr 14, 2026
The stored API keys in temporary browser client is not marked as protected allowing for JavScript... High Unreviewed
CVE-2026-35467 was published Apr 2, 2026
OpenClaw before 2026.3.12 embeds long-lived shared gateway credentials directly in pairing setup... High Unreviewed
CVE-2026-33575 was published Mar 29, 2026
Wazuh version 4.12.0 contains an exposure vulnerability in GitHub Actions workflow artifacts that... High Unreviewed
CVE-2025-15617 was published Mar 27, 2026
Cache misconfiguration vulnerability in OpenText Identity Manager on Windows, Linux allows remote... High Unreviewed
CVE-2025-13478 was published Mar 27, 2026
Exposure of session signing secret in Checkmk <2.4.0p23, <2.3.0p45 and 2.2.0 allows an... High Unreviewed
CVE-2025-64998 was published Mar 24, 2026
Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate... High Unreviewed
CVE-2026-23658 was published Mar 19, 2026
Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers High
CVE-2026-32634 was published for Glances (pip) Mar 16, 2026
offset Credited to offset
IncusOS has a LUKS encryption bypass due to insufficient TPM policy High
CVE-2026-32606 was published for github.com/lxc/incus-os/incus-osd (Go) Mar 16, 2026
A vulnerability allowing a low-privileged user to extract saved SSH credentials. High Unreviewed
CVE-2026-21670 was published Mar 12, 2026
OpenClaw: fetch-guard forwards custom authorization headers across cross-origin redirects High
CVE-2026-32913 was published for openclaw (npm) Mar 9, 2026
Rickidevs Credited to Rickidevs
IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for... High Unreviewed
CVE-2026-29128 was published Mar 5, 2026
Moxa Arm-based industrial computers running Moxa Industrial Linux Secure use a device-unique... High Unreviewed
CVE-2026-0715 was published Feb 5, 2026
Edimax EW-7438RPn 1.13 contains an information disclosure vulnerability that exposes WiFi network... High Unreviewed
CVE-2020-37097 was published Feb 4, 2026
M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to... High Unreviewed
CVE-2020-36968 was published Jan 28, 2026
Insufficiently Protected Credentials vulnerability in the Credential Field of Milner... High Unreviewed
CVE-2025-58741 was published Jan 21, 2026
Insufficiently Protected Credentials, Improper Restriction of Communication Channel to Intended... High Unreviewed
CVE-2025-58742 was published Jan 21, 2026
Skipper is vulnerable to arbitrary code execution through lua filters High
CVE-2026-23742 was published for github.com/zalando/skipper (Go) Jan 16, 2026
moyushui Credited to moyushui and b0b0haha b0b0haha b0b0haha
Insufficiently Protected Credentials vulnerability in Nuvation Energy Multi-Stack Controller (MSC... High Unreviewed
CVE-2025-64122 was published Jan 3, 2026
ZBL EPON ONU Broadband Router V100R001 contains a privilege escalation vulnerability that allows... High Unreviewed
CVE-2021-47741 was published Dec 31, 2025
NuCom 11N Wireless Router 5.07.90 contains a privilege escalation vulnerability that allows non... High Unreviewed
CVE-2021-47726 was published Dec 31, 2025
Ksenia Security Lares 4.0 Home Automation version 1.6 contains an unprotected endpoint... High Unreviewed
CVE-2025-15113 was published Dec 31, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database