Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,856
Erlang
36
GitHub Actions
36
Go
2,488
Maven
5,000+
npm
4,104
NuGet
735
pip
3,923
Pub
12
RubyGems
945
Rust
1,017
Swift
39
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

388 advisories

Loading
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.3).... Moderate Unreviewed
CVE-2025-40751 was published Aug 12, 2025
Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 has... Moderate Unreviewed
CVE-2025-54394 was published Aug 7, 2025
Access to TSplus Remote Access Admin Tool is restricted to administrators (unless "Disable UAC"... Moderate Unreviewed
CVE-2025-5922 was published Jul 29, 2025
A vulnerability, which was classified as critical, was found in LB-LINK BL-AC3600 up to 1.0.22.... Moderate Unreviewed
CVE-2025-7565 was published Jul 14, 2025
Extraction of Account Connectivity Credentials (ACCs) from the IT Management Agent secure storage Moderate Unreviewed
CVE-2025-24508 was published Jul 7, 2025
Insufficiently Protected Credentials in LDAP in Konica Minolta bizhub 227 Multifunction printers... Moderate Unreviewed
CVE-2025-6081 was published Jul 1, 2025
An authenticated attacker can reconfigure the target device to use an external service (such as... Moderate Unreviewed
CVE-2024-51984 was published Jun 26, 2025
A password is exposed locally. Moderate Unreviewed
CVE-2025-35941 was published Jun 11, 2025
IBM Controller 11.0.0, 11.0.1, and 11.1.0 application could allow an authenticated user to obtain... Moderate Unreviewed
CVE-2025-33079 was published May 27, 2025
Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access... Moderate Unreviewed
CVE-2025-2394 was published May 23, 2025
MedDream WEB DICOM Viewer Cleartext Transmission of Credentials Information Disclosure... Moderate Unreviewed
CVE-2025-3480 was published May 22, 2025
A passback vulnerability which relates to office/small office multifunction printers and laser... Moderate Unreviewed
CVE-2025-3079 was published May 20, 2025
A passback vulnerability which relates to production printers and office multifunction printers. Moderate Unreviewed
CVE-2025-3078 was published May 20, 2025
A vulnerability in Synology Active Backup for Microsoft 365 allows remote authenticated attackers... Moderate Unreviewed
CVE-2025-4679 was published May 16, 2025
BEC Technologies Multiple Routers Insufficiently Protected Credentials Information Disclosure... Moderate Unreviewed
CVE-2025-2772 was published Apr 23, 2025
In version 0.0.14 of transformeroptimus/superagi, the API endpoint `/api/users/get/{id}` returns... Moderate Unreviewed
CVE-2024-9418 was published Mar 20, 2025
IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 UI could disclosure... Moderate Unreviewed
CVE-2024-47109 was published Mar 10, 2025
Cryptographic key extraction from internal flash in Minut M2 with firmware version #15142 allows... Moderate Unreviewed
CVE-2024-44754 was published Feb 28, 2025
The product transmits or stores authentication credentials, but it uses an insecure method that... Moderate Unreviewed
CVE-2024-37362 was published Feb 20, 2025
IBM Common Licensing 9.0 stores user credentials in plain clear text which can be read by a local... Moderate Unreviewed
CVE-2023-50945 was published Jan 26, 2025
Unsafe password recovery from configuration in M-Files Server before 25.1 allows a highly... Moderate Unreviewed
CVE-2025-0619 was published Jan 23, 2025
GRAU DATA Blocky before 3.1 stores passwords encrypted rather than hashed. At the login screen,... Moderate Unreviewed
CVE-2024-42012 was published Jan 22, 2025
HCL MyXalytics is affected by broken authentication. It allows attackers to compromise keys,... Moderate Unreviewed
CVE-2024-42172 was published Jan 11, 2025
In JetBrains TeamCity before 2024.12 password field value were accessible to users with view... Moderate Unreviewed
CVE-2024-56354 was published Dec 20, 2024
IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 could allow a user with psychical... Moderate Unreviewed
CVE-2022-33954 was published Dec 19, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database