GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,727
Erlang
29
GitHub Actions
16
Go
1,709
Maven
4,946
npm
3,474
NuGet
605
pip
3,000
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
431 advisories
Filter by severity
silverstripe/framework users inadvertently passing sensitive data to LoginAttempt
Moderate
GHSA-ph62-fv59-vf9h
was published
for
silverstripe/framework
(Composer)
May 27, 2024
NASA AIT-Core uses unencrypted channels to exchange data over the network
High
CVE-2024-35061
was published
for
ait-core
(pip)
May 21, 2024
Vulnerable data in transit in GE HealthCare EchoPAC products
Moderate
Unreviewed
CVE-2024-27106
was published
May 14, 2024
IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing...
Moderate
Unreviewed
CVE-2024-25027
was published
Mar 31, 2024
IBM Security Verify Governance 10.0.2 could allow a remote attacker to obtain sensitive...
Moderate
Unreviewed
CVE-2023-35888
was published
Mar 20, 2024
Unencrypted traffic between nodes when using WireGuard and L7 policies
Moderate
CVE-2024-28250
was published
for
github.com/cilium/cilium
(Go)
Mar 18, 2024
Unencrypted traffic between nodes when using IPsec and L7 policies
Moderate
CVE-2024-28249
was published
for
github.com/cilium/cilium
(Go)
Mar 18, 2024
IBM Watson CP4D Data Stores 4.6.0, 4.6.1, 4.6.2, and 4.6.3 does not encrypt sensitive or critical...
Moderate
Unreviewed
CVE-2023-27291
was published
Mar 3, 2024
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow a remote attacker to...
Moderate
Unreviewed
CVE-2021-39090
was published
Feb 29, 2024
B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography...
High
Unreviewed
CVE-2024-0220
was published
Feb 22, 2024
Unencrypted traffic between pods when using Wireguard and an external kvstore
Moderate
CVE-2024-25631
was published
for
github.com/cilium/cilium
(Go)
Feb 20, 2024
Unencrypted ingress/health traffic when using Wireguard transparent encryption
Moderate
CVE-2024-25630
was published
for
github.com/cilium/cilium
(Go)
Feb 20, 2024
Comarch ERP XL client is vulnerable to MS SQL protocol downgrade request from a server side, what...
High
Unreviewed
CVE-2023-4537
was published
Feb 15, 2024
1Panel set-cookie is missing the Secure keyword
Moderate
CVE-2024-24768
was published
for
github.com/1Panel-dev/1Panel
(Go)
Feb 5, 2024
Missing encryption in the NFC tags of the Flient Smart Door Lock v1.0 allows attackers to create...
Moderate
Unreviewed
CVE-2023-50129
was published
Jan 11, 2024
Missing encryption in the RFID tags of the Hozard alarm system (Alarmsysteem) v1.0 allow...
Moderate
Unreviewed
CVE-2023-50126
was published
Jan 11, 2024
IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 through 10.0...
Moderate
Unreviewed
CVE-2023-38267
was published
Jan 11, 2024
Google Nest WiFi Pro root code-execution & user-data compromise
Critical
Unreviewed
CVE-2023-6339
was published
Jan 3, 2024
Cryptographic issue in Automotive while unwrapping the key secs2d and verifying with RPMB data.
High
Unreviewed
CVE-2023-33037
was published
Jan 2, 2024
When saving HSTS data to an excessively long file name, curl could end up
removing all contents,...
Moderate
Unreviewed
CVE-2023-46219
was published
Dec 12, 2023
IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of...
Moderate
Unreviewed
CVE-2023-42019
was published
Dec 1, 2023
Vulnerability of missing encryption in the card management module. Successful exploitation of...
High
Unreviewed
CVE-2023-44098
was published
Nov 8, 2023
The SolarWinds Network Configuration Manager was susceptible to the Exposure of Sensitive...
Moderate
Unreviewed
CVE-2023-33228
was published
Nov 1, 2023
Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM ...
Moderate
Unreviewed
CVE-2023-41096
was published
Oct 26, 2023
Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM ...
Critical
Unreviewed
CVE-2023-41095
was published
Oct 26, 2023
ProTip!
Advisories are also available from the
GraphQL API