Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,831
Maven
5,000+
npm
4,462
NuGet
775
pip
4,226
Pub
12
RubyGems
972
Rust
1,093
Swift
47
Unreviewed advisories
All unreviewed
5,000+

1,222 advisories

Loading
Skipper is vulnerable to arbitrary code execution through lua filters High
CVE-2026-23742 was published for github.com/zalando/skipper (Go) Jan 16, 2026
moyushui b0b0haha
Credited to moyushui and b0b0haha
MTPutty 1.0.1.21 contains a sensitive information disclosure vulnerability that allows local... Moderate Unreviewed
CVE-2021-47759 was published Jan 15, 2026
Insufficiently protected credentials in some Intel(R) Server Product OpenBMC firmware before... Moderate Unreviewed
CVE-2023-32280 was published Jan 14, 2026
Insufficiently Protected Credentials vulnerability in Broadcom DX NetOps Spectrum on Windows,... Low Unreviewed
CVE-2025-69271 was published Jan 12, 2026
In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be... Moderate Unreviewed
CVE-2025-62327 was published Jan 7, 2026
Insufficiently Protected Credentials vulnerability in Nuvation Energy Multi-Stack Controller (MSC... High Unreviewed
CVE-2025-64122 was published Jan 3, 2026
NuCom 11N Wireless Router 5.07.90 contains a privilege escalation vulnerability that allows non... High Unreviewed
CVE-2021-47726 was published Dec 31, 2025
ZBL EPON ONU Broadband Router V100R001 contains a privilege escalation vulnerability that allows... High Unreviewed
CVE-2021-47741 was published Dec 31, 2025
Ksenia Security Lares 4.0 Home Automation version 1.6 contains an unprotected endpoint... High Unreviewed
CVE-2025-15113 was published Dec 31, 2025
IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an authenticated user with LLM... Moderate Unreviewed
CVE-2025-14148 was published Dec 15, 2025
Insufficiently Protected Credentials vulnerability in Apache Fineract. This issue affects Apache... Critical Unreviewed
CVE-2025-58130 was published Dec 12, 2025
QiHang Media Web Digital Signage 3.0.9 contains a cleartext credentials vulnerability that allows... High Unreviewed
CVE-2020-36896 was published Dec 10, 2025
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Insufficiently... Moderate Unreviewed
CVE-2025-64898 was published Dec 10, 2025
Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2... Moderate Unreviewed
CVE-2025-63361 was published Dec 4, 2025
Exposure of credentials in unintended requests in Devolutions Server.This issue affects Server:... Low Unreviewed
CVE-2025-13758 was published Nov 27, 2025
EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability,... Moderate Unreviewed
CVE-2025-13164 was published Nov 17, 2025
EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability,... Moderate Unreviewed
CVE-2025-13163 was published Nov 17, 2025
IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 stores NIM private keys used in NIM environments... Critical Unreviewed
CVE-2025-36096 was published Nov 14, 2025
A 3rd-party component exposed its password in process arguments, allowing for low-privileged... Moderate Unreviewed
CVE-2025-6571 was published Nov 11, 2025
Due to information disclosure vulnerability in anonymous API provided by SAP Business One (SLD),... Moderate Unreviewed
CVE-2025-42897 was published Nov 11, 2025
In JetBrains YouTrack before 2025.3.104432 misconfiguration in the Junie could lead to exposure... Critical Unreviewed
CVE-2025-64689 was published Nov 10, 2025
The Ubia camera ecosystem fails to adequately secure API credentials, potentially enabling an... High Unreviewed
CVE-2025-12636 was published Nov 7, 2025
Radiometrics VizAir is vulnerable to exposure of the system's REST API key through a publicly... Critical Unreviewed
CVE-2025-54863 was published Nov 4, 2025
This vulnerability allows an attacker to access parts of the application that are not protected... Moderate Unreviewed
CVE-2025-12461 was published Oct 29, 2025
Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 stores authentication... High Unreviewed
CVE-2025-54808 was published Oct 23, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database