GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
707 advisories
OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers...
High
Unreviewed
CVE-2026-35644
was published
Apr 10, 2026
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64...
Critical
Unreviewed
CVE-2025-14815
was published
Apr 8, 2026
A vulnerability has been found in SourceCodester Student Result Management System 1.0. Impacted...
Moderate
Unreviewed
CVE-2026-5531
was published
Apr 5, 2026
Directus: Sensitive fields exposed in revision history
Moderate
CVE-2026-39943
was published
for
directus
(npm)
Apr 4, 2026
nginx-ui Backup Restore Allows Tampering with Encrypted Backups
Critical
CVE-2026-33026
was published
for
github.com/0xJacky/Nginx-UI
(Go)
Mar 30, 2026
Trino: Iceberg REST catalog static and vended credentials are accessible via query JSON
High
CVE-2026-34214
was published
for
io.trino:trino-iceberg
(Maven)
Mar 29, 2026
The vulnerability affecting TL-WR850N v3 allows cleartext storage of administrative and Wi-Fi...
Moderate
Unreviewed
CVE-2026-4346
was published
Mar 27, 2026
Harbor: LDAP password and OIDC secret are not redacted in the audit log
Moderate
GHSA-prh4-vhfh-24mj
was published
for
github.com/goharbor/harbor
(Go)
Mar 26, 2026
AVideo has Plaintext Video Password Storage
Critical
CVE-2026-33867
was published
for
wwbn/avideo
(Composer)
Mar 26, 2026
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores administrative...
High
Unreviewed
CVE-2026-31848
was published
Mar 23, 2026
AVideo has an unauthenticated decrypt oracle leaking any ciphertext
High
CVE-2026-33512
was published
for
wwbn/avideo
(Composer)
Mar 20, 2026
Jenkins LoadNinja Plugin stores LoadNinja API keys unencrypted in job config.xml files
Moderate
CVE-2026-33003
was published
for
org.jenkins-ci.plugins:loadninja
(Maven)
Mar 18, 2026
Jenkins LoadNinja Plugin does not mask LoadNinja API keys displayed on the job configuration form
Moderate
CVE-2026-33004
was published
for
org.jenkins-ci.plugins:loadninja
(Maven)
Mar 18, 2026
Edimax GS-5008PL firmware version 1.00.54 and prior contain an insecure credential storage...
High
Unreviewed
CVE-2026-32842
was published
Mar 18, 2026
A cleartext storage of sensitive information vulnerability [CWE-312] in Fortinet...
Moderate
Unreviewed
CVE-2025-55717
was published
Mar 10, 2026
The SAP Customer Checkout application exhibits certain design characteristics that involve...
Moderate
Unreviewed
CVE-2026-24311
was published
Mar 10, 2026
An issue pertaining to CWE-312: Cleartext Storage of Sensitive Information was discovered in...
Moderate
Unreviewed
CVE-2025-70050
was published
Mar 9, 2026
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to store credentials in...
High
Unreviewed
CVE-2024-55027
was published
Mar 3, 2026
Rancher doesn't properly sanitize credentials in cluster template answers
Critical
CVE-2021-36783
was published
for
github.com/rancher/rancher
(Go)
Mar 3, 2026
Cleartext Storage of Sensitive Information (CWE-312) in the Command Centre Mobile Client on...
Moderate
Unreviewed
CVE-2025-47147
was published
Mar 3, 2026
The OpenID Connect (OIDC) authentication configuration in PowerShell Universal before 2026.1.3...
Moderate
Unreviewed
CVE-2026-3277
was published
Feb 27, 2026
Sensitive user account information is not encrypted in the database in Devolutions Server 2025.3...
Moderate
Unreviewed
CVE-2026-3221
was published
Feb 25, 2026
Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user...
High
Unreviewed
CVE-2026-27520
was published
Feb 24, 2026
Cleartext storage of sensitive information in Azure Compute Gallery allows an authorized attacker...
Moderate
Unreviewed
CVE-2026-23655
was published
Feb 10, 2026
In SAP Business One, sensitive information is written to the application's memory dump files...
Moderate
Unreviewed
CVE-2026-24319
was published
Feb 10, 2026