Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,856
Erlang
36
GitHub Actions
36
Go
2,488
Maven
5,000+
npm
4,104
NuGet
735
pip
3,923
Pub
12
RubyGems
945
Rust
1,017
Swift
39
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

192 advisories

Loading
Aikaan IoT management platform v3.25.0325-5-g2e9c59796 sends a newly generated password to users... High Unreviewed
CVE-2025-52351 was published Aug 21, 2025
The StrongDM Client insufficiently protected a pre-authentication token. Attackers could exploit... High Unreviewed
CVE-2025-6180 was published Aug 20, 2025
YugabyteDB diagnostic information was transmitted over HTTP, which could expose sensitive data... High Unreviewed
CVE-2025-8863 was published Aug 11, 2025
The MOD3 command traffic between the monitoring application and the inverter is transmitted in... High Unreviewed
CVE-2025-52586 was published Aug 8, 2025
An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgcollect_info_options.log and... High Unreviewed
CVE-2025-52490 was published Jul 29, 2025
DuraComm SPM-500 DP-10iN-100-MU transmits sensitive data without encryption over a channel that... High Unreviewed
CVE-2025-53703 was published Jul 23, 2025
This vulnerability exists in Digisol DG-GR6821AC Router due to cleartext transmission of... High Unreviewed
CVE-2025-53756 was published Jul 16, 2025
Ecovacs Deebot T10 1.7.2 transmits Wi-Fi credentials in cleartext during the pairing process. High Unreviewed
CVE-2025-44251 was published Jul 10, 2025
YONO SBI: Banking & Lifestyle v1.23.36 was discovered to use unencrypted communicatons, possibly... High Unreviewed
CVE-2025-45080 was published Jul 1, 2025
The server supports authentication methods in which credentials are sent in plaintext over... High Unreviewed
CVE-2025-49194 was published Jun 12, 2025
All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept... High Unreviewed
CVE-2025-49183 was published Jun 12, 2025
In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled. This... High Unreviewed
CVE-2025-5270 was published May 27, 2025
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. A command... High Unreviewed
CVE-2025-32887 was published May 2, 2025
This vulnerability exists in the Meon KYC solutions due to transmission of sensitive data in... High Unreviewed
CVE-2025-42603 was published Apr 23, 2025
This issue was addressed by using HTTPS when sending information over the network. This issue is... High Unreviewed
CVE-2024-44276 was published Mar 17, 2025
The device uses an unencrypted, proprietary protocol for communication. Through this protocol,... High Unreviewed
CVE-2025-27594 was published Mar 14, 2025
Lack of encryption in transit for cloud infrastructure facilitating potential for sensitive data... High Unreviewed
CVE-2025-24849 was published Feb 28, 2025
CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists that could result... High Unreviewed
CVE-2025-1060 was published Feb 13, 2025
In Progress® Telerik® Report Server, versions prior to 2025 Q1 (11.0.25.211) when using the older... High Unreviewed
CVE-2025-0556 was published Feb 12, 2025
Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h suffers from... High Unreviewed
CVE-2024-36558 was published Feb 6, 2025
A Credential Exposure Vulnerability exists in the above-mentioned product and version. The... High Unreviewed
CVE-2025-0631 was published Jan 28, 2025
Web browser interface may manipulate application username/password in clear text or Base64... High Unreviewed
CVE-2024-6515 was published Dec 5, 2024
A vulnerability in a weak JWT token in Watcharr v1.43.0 and below allows attackers to perform... High Unreviewed
CVE-2024-50634 was published Nov 8, 2024
An issue in YESCAM (com.yescom.YesCam.zwave) 1.0.2 allows a remote attacker to obtain sensitive... High Unreviewed
CVE-2024-48788 was published Oct 11, 2024
** UNSUPPORTED WHEN ASSIGNED ** This vulnerability exists in D3D Security IP Camera due to usage... High Unreviewed
CVE-2024-47789 was published Oct 4, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database