Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,606
Maven
5,000+
npm
5,000+
NuGet
924
pip
4,831
Pub
13
RubyGems
1,045
Rust
1,256
Swift
53
Unreviewed advisories
All unreviewed
5,000+

112 advisories

Loading
Tanium addressed an information disclosure vulnerability in Tanium Server. Low Unreviewed
CVE-2026-6408 was published Apr 22, 2026
A insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5... Low Unreviewed
CVE-2026-27316 was published Apr 14, 2026
Duplicate Advisory: OpenClaw reuses the gateway auth token in the owner ID prompt hashing fallback Low
GHSA-8mr2-f9wf-hcfq was published for openclaw (npm) Mar 21, 2026 withdrawn
OpenClaw reuses the gateway auth token in the owner ID prompt hashing fallback Low
CVE-2026-32897 was published for openclaw (npm) Mar 3, 2026
Gradio: Mocked OAuth Login Exposes Server Credentials and Uses Hardcoded Session Secret Low
CVE-2026-27167 was published for gradio (pip) Mar 1, 2026
tenbbughunters Credited to tenbbughunters
NeuVector scanner insecurely handles passwords as command arguments Low
CVE-2025-67860 was published for github.com/neuvector/scanner (Go) Feb 12, 2026
YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the... Low Unreviewed
CVE-2026-1966 was published Feb 5, 2026
HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field... Low Unreviewed
CVE-2025-52623 was published Feb 3, 2026
Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a... Low Unreviewed
CVE-2025-9521 was published Jan 26, 2026
Insufficiently Protected Credentials vulnerability in Broadcom DX NetOps Spectrum on Windows,... Low Unreviewed
CVE-2025-69271 was published Jan 12, 2026
Exposure of credentials in unintended requests in Devolutions Server.This issue affects Server:... Low Unreviewed
CVE-2025-13758 was published Nov 27, 2025
Ericsson Indoor Connect 8855 contains a vulnerability where server-side security can be bypassed... Low Unreviewed
CVE-2025-40838 was published Sep 25, 2025
Mattermost has Insufficiently Protected Credentials Low
CVE-2025-6227 was published for github.com/mattermost/mattermost-server (Go) Jul 18, 2025
Jenkins Testsigma Test Plan vulnerability exposes API keys via job configuration form Low
CVE-2025-53661 was published for io.jenkins.plugins:testsigma (Maven) Jul 9, 2025
A vulnerability, which was classified as problematic, has been found in 70mai M300 up to 20250611... Low Unreviewed
CVE-2025-6526 was published Jun 26, 2025
Magento does not properly protect credentials Low
CVE-2025-27192 was published for magento/community-edition (Composer) Apr 8, 2025
Jenkins Zoho QEngine Plugin Displays Unmasked API Keys Low
CVE-2025-30197 was published for io.jenkins.plugins:zohoqengine (Maven) Mar 19, 2025
A Credential Disclosure vulnerability exists where an administrator could extract the stored SMTP... Low Unreviewed
CVE-2025-0760 was published Feb 26, 2025
There is an insufficient authentication vulnerability in some Huawei smart phone. An... Low Unreviewed
CVE-2020-9250 was published Dec 20, 2024
A security vulnerability in HPE IceWall products could be exploited remotely to cause... Low Unreviewed
CVE-2024-11856 was published Dec 2, 2024
TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with... Low Unreviewed
CVE-2024-45744 was published Sep 27, 2024
HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header.  This... Low Unreviewed
CVE-2024-30119 was published Jun 15, 2024
Password hash exposed in CraftCMS two factor authentication plugin Low
CVE-2024-5657 was published for born05/craft-twofactorauthentication (Composer) Jun 6, 2024
Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage... Low Unreviewed
CVE-2024-28971 was published May 8, 2024
Jenkins Telegram Bot Plugin stores the Telegram Bot token in plaintext Low
CVE-2024-34147 was published for org.jenkins-ci.plugins:telegrambot (Maven) May 2, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database