GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
234 advisories
Filter by severity
Credentials to access device configuration were transmitted using an unencrypted protocol. These...
High
Unreviewed
CVE-2024-42495
was published
Sep 6, 2024
A vulnerability in Cisco Duo Epic for Hyperdrive could allow an authenticated, local attacker to...
Moderate
Unreviewed
CVE-2024-20503
was published
Sep 4, 2024
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to...
Moderate
Unreviewed
CVE-2024-39746
was published
Aug 22, 2024
An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain...
High
Unreviewed
CVE-2024-42657
was published
Aug 19, 2024
IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to obtain sensitive...
Moderate
Unreviewed
CVE-2024-31905
was published
Aug 15, 2024
CVE-2024-40620 IMPACT
A vulnerability exists in the affected product due to lack of encryption...
Moderate
Unreviewed
CVE-2024-40620
was published
Aug 14, 2024
Missing encryption of sensitive data in Korenix JetPort 5601v3 allows Eavesdropping.This issue...
High
Unreviewed
CVE-2024-7396
was published
Aug 5, 2024
Dell Data Lakehouse, version(s) 1.0.0.0, contain(s) a Missing Encryption of Sensitive Data...
Moderate
Unreviewed
CVE-2024-38302
was published
Jul 18, 2024
A vulnerability in the IPS Manager, Central Manager, and Local Manager communication workflow...
Moderate
Unreviewed
CVE-2024-5731
was published
Jun 14, 2024
Sensitive customer information is stored in the device without encryption.
Unknown
Unreviewed
CVE-2024-38283
was published
Jun 13, 2024
An issue was discovered in Samsung Mobile Processor, Automotive Processor, Wearable Processor,...
Moderate
Unreviewed
CVE-2023-49927
was published
Jun 5, 2024
Vulnerable data in transit in GE HealthCare EchoPAC products
Moderate
Unreviewed
CVE-2024-27106
was published
May 14, 2024
IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing...
Moderate
Unreviewed
CVE-2024-25027
was published
Mar 31, 2024
IBM Security Verify Governance 10.0.2 could allow a remote attacker to obtain sensitive...
Moderate
Unreviewed
CVE-2023-35888
was published
Mar 20, 2024
Rocket.Chat.Audit through 5ad78e8 depends on filecachetools, which does not exist in PyPI.
Critical
Unreviewed
CVE-2024-29151
was published
Mar 18, 2024
IBM Watson CP4D Data Stores 4.6.0, 4.6.1, 4.6.2, and 4.6.3 does not encrypt sensitive or critical...
Moderate
Unreviewed
CVE-2023-27291
was published
Mar 3, 2024
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow a remote attacker to...
Moderate
Unreviewed
CVE-2021-39090
was published
Feb 29, 2024
B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography...
High
Unreviewed
CVE-2024-0220
was published
Feb 22, 2024
Comarch ERP XL client is vulnerable to MS SQL protocol downgrade request from a server side, what...
High
Unreviewed
CVE-2023-4537
was published
Feb 15, 2024
Missing encryption in the RFID tags of the Hozard alarm system (Alarmsysteem) v1.0 allow...
Moderate
Unreviewed
CVE-2023-50126
was published
Jan 11, 2024
Missing encryption in the NFC tags of the Flient Smart Door Lock v1.0 allows attackers to create...
Moderate
Unreviewed
CVE-2023-50129
was published
Jan 11, 2024
IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 through 10.0...
Moderate
Unreviewed
CVE-2023-38267
was published
Jan 11, 2024
Google Nest WiFi Pro root code-execution & user-data compromise
Critical
Unreviewed
CVE-2023-6339
was published
Jan 3, 2024
Cryptographic issue in Automotive while unwrapping the key secs2d and verifying with RPMB data.
High
Unreviewed
CVE-2023-33037
was published
Jan 2, 2024
When saving HSTS data to an excessively long file name, curl could end up
removing all contents,...
Moderate
Unreviewed
CVE-2023-46219
was published
Dec 12, 2023
ProTip!
Advisories are also available from the
GraphQL API