Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

233 advisories

Loading
Gradio uses insecure communication between the FRP client and server High
CVE-2024-47871 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
Credentials to access device configuration were transmitted using an unencrypted protocol. These... High Unreviewed
CVE-2024-42495 was published Sep 6, 2024
An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain... High Unreviewed
CVE-2024-42657 was published Aug 19, 2024
Missing encryption of sensitive data in Korenix JetPort 5601v3 allows Eavesdropping.This issue... High Unreviewed
CVE-2024-7396 was published Aug 5, 2024
NASA AIT-Core uses unencrypted channels to exchange data over the network High
CVE-2024-35061 was published for ait-core (pip) May 21, 2024
B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography... High Unreviewed
CVE-2024-0220 was published Feb 22, 2024
Comarch ERP XL client is vulnerable to MS SQL protocol downgrade request from a server side, what... High Unreviewed
CVE-2023-4537 was published Feb 15, 2024
Cryptographic issue in Automotive while unwrapping the key secs2d and verifying with RPMB data. High Unreviewed
CVE-2023-33037 was published Jan 2, 2024
Vulnerability of missing encryption in the card management module. Successful exploitation of... High Unreviewed
CVE-2023-44098 was published Nov 8, 2023
IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before... High Unreviewed
CVE-2023-33837 was published Oct 23, 2023
IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather or persuade a naive user to... High Unreviewed
CVE-2022-22401 was published Sep 9, 2023
A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to... High Unreviewed
CVE-2023-4420 was published Aug 24, 2023
twitch-tui's connection is not encrypted High
CVE-2023-38688 was published for twitch-tui (Rust) Jul 31, 2023
Roger
An issue found in KEISEI STORE Co, Ltd. LIVRE KEISEI v.13.6.1 allows a remote attacker to gain... High Unreviewed
CVE-2023-31819 was published Jul 13, 2023
An issue found in Entetsu Store v.13.4.1 allows a remote attacker to gain access to sensitive... High Unreviewed
CVE-2023-31822 was published Jul 13, 2023
An issue found in Inageya v.13.4.1 allows a remote attacker to gain access to sensitive... High Unreviewed
CVE-2023-31825 was published Jul 13, 2023
An issue found in Shizutetsu Store v.13.6.1 allows a remote attacker to gain access to sensitive... High Unreviewed
CVE-2023-31820 was published Jul 13, 2023
Memory management and protection issues in Bitcoin Core v22 allows attackers to modify the stored... High Unreviewed
CVE-2023-37192 was published Jul 7, 2023
Hitron Technologies CODA-5310’s Telnet function transfers sensitive data in plaintext. An... High Unreviewed
CVE-2023-30602 was published Jul 6, 2023
HashiCorp Boundary Workers Store Rotated Credentials in Plaintext Even When Key Management Service Configured High
CVE-2023-0690 was published for github.com/hashicorp/boundary (Go) Jul 6, 2023
The physical IoT device of the AliveCor's KardiaMobile, a smartphone-based personal... High Unreviewed
CVE-2022-41627 was published Jul 6, 2023
An issue was discovered in BMC Patrol before 22.1.00. The agent's configuration can be remotely... High Unreviewed
CVE-2023-34258 was published May 31, 2023
Dell CloudIQ Collector version 1.10.2 contains a missing encryption of sensitive data... High Unreviewed
CVE-2023-28045 was published May 19, 2023
The myMail app through 14.30 for iOS sends cleartext credentials in a situation where STARTTLS is... High Unreviewed
CVE-2023-32290 was published May 7, 2023
Macaron csrf missing encryption and has sensitive cookies in HTTP session without secure attribute High
CVE-2018-25060 was published for github.com/go-macaron/csrf (Go) Dec 30, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database