Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,521
Maven
5,000+
npm
5,000+
NuGet
912
pip
4,768
Pub
13
RubyGems
1,036
Rust
1,229
Swift
53
Unreviewed advisories
All unreviewed
5,000+

210 advisories

Loading
OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers... High Unreviewed
CVE-2026-35644 was published Apr 10, 2026
Trino: Iceberg REST catalog static and vended credentials are accessible via query JSON High
CVE-2026-34214 was published for io.trino:trino-iceberg (Maven) Mar 29, 2026
findinpath Credited to findinpath, ebyhr, chenjian2664, losipiuk, and findepi ebyhr ebyhr
chenjian2664 chenjian2664 losipiuk losipiuk findepi findepi
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores administrative... High Unreviewed
CVE-2026-31848 was published Mar 23, 2026
AVideo has an unauthenticated decrypt oracle leaking any ciphertext High
CVE-2026-33512 was published for wwbn/avideo (Composer) Mar 20, 2026
Ahmad-jarwan Credited to Ahmad-jarwan
Edimax GS-5008PL firmware version 1.00.54 and prior contain an insecure credential storage... High Unreviewed
CVE-2026-32842 was published Mar 18, 2026
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to stroe credentials in... High Unreviewed
CVE-2024-55027 was published Mar 3, 2026
Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user... High Unreviewed
CVE-2026-27520 was published Feb 24, 2026
A vulnerability in Brocade SANnav before 2.4.0b prints the Password-Based Encryption (PBE) key... High Unreviewed
CVE-2025-12679 was published Feb 3, 2026
Brocade SANnav before 2.4.0b logs the Brocade Fabric OS Switch admin password on the SANnav... High Unreviewed
CVE-2025-12772 was published Feb 3, 2026
With physical access to the device and enough time an attacker can desolder the flash memory,... High Unreviewed
CVE-2025-59105 was published Jan 26, 2026
A security issue was discovered within the legacy Ansible playbook component of Verve Asset... High Unreviewed
CVE-2025-14377 was published Jan 20, 2026
SpinetiX Fusion Digital Signage 3.4.8 contains an unauthenticated information disclosure... High Unreviewed
CVE-2020-36887 was published Dec 10, 2025
R Radio Network FM Transmitter 1.07 allows unauthenticated attackers to access the admin user's... High Unreviewed
CVE-2024-58277 was published Dec 4, 2025
Abacre Restaurant Point of Sale (POS) up to 15.0.0.1656 are vulnerable to Cleartext Storage of... High Unreviewed
CVE-2025-65320 was published Dec 3, 2025
An issue was discovered in bridgetech VB288 Objective QoE Content Extractor, firmware version 5.6... High Unreviewed
CVE-2025-63208 was published Nov 19, 2025
Cleartext storage of sensitive information in Smart Switch prior to version 3.7.67.2 allows local... High Unreviewed
CVE-2025-21061 was published Oct 10, 2025
Flock Safety Falcon and Sparrow License Plate Readers OPM1.171019.026 ship with development Wi-Fi... High Unreviewed
CVE-2025-59409 was published Oct 2, 2025
Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS... High Unreviewed
CVE-2025-34200 was published Sep 19, 2025
Rancher Fleet Helm Values are stored inside BundleDeployment in plain text High
CVE-2024-52284 was published for github.com/rancher/fleet (Go) Aug 29, 2025
This vulnerability exists in ZKTeco WL20 due to storage of admin and user credentials without... High Unreviewed
CVE-2025-54464 was published Aug 13, 2025
Insecure Data Storage of credentials has been found in /api_vedo/configuration/config.yml file in... High Unreviewed
CVE-2025-51055 was published Aug 6, 2025
In the configuration file of racoon in the TRENDnet TEW-WLC100P 2.03b03, the first item of... High Unreviewed
CVE-2025-44649 was published Jul 21, 2025
The hard drives of the device are not encrypted using a full volume encryption feature such as... High Unreviewed
CVE-2025-27460 was published Jul 3, 2025
react-native-keys insecurely stores encryption cipher and Base64 chunks High
CVE-2025-45001 was published for react-native-keys (npm) Jun 9, 2025
ThomasWunderlich Credited to ThomasWunderlich
Tinxy WiFi Lock Controller v1 RF was discovered to store users' sensitive information, including... High Unreviewed
CVE-2025-44614 was published May 30, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database