GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 24,426
Composer 4,952
Erlang 39
GitHub Actions 38
Go 2,607
Maven 6,069
npm 4,252
NuGet 757
pip 4,017
Pub 12
RubyGems 953
Rust 1,049
Swift 45

Unreviewed advisories

All unreviewed 275,282

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

326 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

In phpipam/phpipam version 1.5.1, the Secure attribute for sensitive cookies in HTTPS sessions is... Moderate Unreviewed

CVE-2024-10718 was published Mar 20, 2025

Secure flag not set and SameSIte was set to Lax in the Foreseer Reporting Software (FRS). Absence... Moderate Unreviewed

CVE-2025-22493 was published Mar 5, 2025

Bosscomm IF740 Firmware versions:11001.7078 & v11001.0000 and System versions: 6.25 & 6.00 were... Moderate Unreviewed

CVE-2025-25728 was published Feb 28, 2025

If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP... Moderate Unreviewed

CVE-2024-5462 was published Feb 15, 2025

Keycloak on Quarkus CLI option for encrypted JGroups ignored Moderate

CVE-2024-10973 was published for org.keycloak:keycloak-quarkus-server (Maven) Feb 5, 2025

IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 transmits sensitive or... Moderate Unreviewed

CVE-2024-43187 was published Feb 4, 2025

A vulnerability in HPE Aruba Networking ClearPass Policy Manager may, under certain circumstances... Moderate Unreviewed

CVE-2025-23060 was published Feb 4, 2025

IBM Security Verify Governance 10.0.2 Identity Manager can transmit user credentials in clear... Moderate Unreviewed

CVE-2023-35017 was published Jan 29, 2025

EWON Flexy 202 transmits user credentials in clear text with no encryption when a user is added,... Moderate Unreviewed

CVE-2025-0432 was published Jan 28, 2025

IBM QRadar SIEM 7.5 transmits sensitive or security-critical data in cleartext in a communication... Moderate Unreviewed

CVE-2024-28786 was published Jan 28, 2025

IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to obtain sensitive... Moderate Unreviewed

CVE-2024-41757 was published Jan 24, 2025

All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 expose clear text... Moderate Unreviewed

CVE-2024-26155 was published Jan 17, 2025

The HI-SCAN 6040i Hitrax HX-03-19-I was discovered to transmit user credentials in cleartext over... Moderate Unreviewed

CVE-2024-48121 was published Jan 15, 2025

A privilege escalation vulnerability was discovered that could allow a valid, authenticated LXCA... Moderate Unreviewed

CVE-2024-45102 was published Jan 15, 2025

IBM Cognos Analytics Mobile for Android 1.1.14 uses weaker than expected cryptographic algorithms... Moderate Unreviewed

CVE-2021-39081 was published Dec 19, 2024

Duplicate Advisory: Keycloak vulnerable to Cleartext Transmission of Sensitive Information Moderate

GHSA-6mpx-pmgp-ww49 was published for org.keycloak:keycloak-quarkus-server (Maven) Dec 18, 2024 • withdrawn

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote... Moderate Unreviewed

CVE-2024-49819 was published Dec 17, 2024

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions... Moderate Unreviewed

CVE-2024-53246 was published Dec 10, 2024

IBM Cognos Controller 11.0.0 and 11.0.1 could allow a remote attacker to obtain sensitive... Moderate Unreviewed

CVE-2021-29892 was published Dec 3, 2024

Cleartext transmission of sensitive information for some BigDL software maintained by Intel(R)... Moderate Unreviewed

CVE-2024-28169 was published Nov 13, 2024

A vulnerability in the LevelOne WBR-6012 router's firmware version R0.40e6 allows sensitive... Moderate Unreviewed

CVE-2024-32946 was published Oct 30, 2024

ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of... Moderate Unreviewed

CVE-2024-50624 was published Oct 28, 2024

An authentication-bypass issue in the RDP component of One Identity Safeguard for Privileged... Moderate Unreviewed

CVE-2024-40595 was published Oct 24, 2024

Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Information Disclosure. An information leak... Moderate Unreviewed

CVE-2024-40090 was published Oct 21, 2024

Cleartext transmission of sensitive information in acep-collector service. The following products... Moderate Unreviewed

CVE-2024-49387 was published Oct 15, 2024

Previous 12…14 Next

Previous 1 2 3 4 5 … 13 14 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

326 advisories