Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,003
Maven
5,000+
npm
4,732
NuGet
788
pip
4,341
Pub
12
RubyGems
987
Rust
1,137
Swift
50
Unreviewed advisories
All unreviewed
5,000+

15 advisories

Loading
Spinnaker vulnerable to SSRF due to improper restrictions on http from user input High
CVE-2025-61916 was published for io.spinnaker.clouddriver:clouddriver-artifacts (Maven) Jan 5, 2026
jake-ciolek CodeWobbler
jasonmcintosh Jaimeoby
Credited to jake-ciolek, CodeWobbler, jasonmcintosh, and Jaimeoby
Brightpick Mission Control discloses device telemetry, configuration, and credential information... High Unreviewed
CVE-2025-64309 was published Nov 15, 2025
The Brightpick Mission Control web application exposes hardcoded credentials in its client-side... High Unreviewed
CVE-2025-64308 was published Nov 15, 2025
Mobile Scanner Android App version 2.12.38 (package name com.glority.everlens), developed by... High Unreviewed
CVE-2025-61121 was published Oct 30, 2025
An unauthenticated remote attacker (MITM) can intercept the websocket messages to gain access to... Moderate Unreviewed
CVE-2025-41705 was published Oct 14, 2025
Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is... High Unreviewed
CVE-2024-1509 was published Mar 1, 2025
Unprotected Transport of Credentials vulnerability in OpenText™ Documentum™ Server could allow... High Unreviewed
CVE-2024-4188 was published Jul 30, 2024
A vulnerability in the media retrieval functionality of Cisco Webex App could allow an... Moderate Unreviewed
CVE-2024-20395 was published Jul 17, 2024
Jberet: jberet-core logging database credentials Moderate
CVE-2024-1102 was published for org.jberet:jberet-core (Maven) Apr 25, 2024
PiiGAB M-Bus transmits credentials in plaintext format. High Unreviewed
CVE-2023-31277 was published Jul 7, 2023
IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it... High Unreviewed
CVE-2023-22862 was published Jun 5, 2023
Apache Tomcat vulnerable to Unprotected Transport of Credentials Moderate
CVE-2023-28708 was published for org.apache.tomcat:tomcat-catalina (Maven) Mar 22, 2023
In the CODESYS Development System multiple components in multiple versions transmit the passwords... Critical Unreviewed
CVE-2022-31805 was published Jun 25, 2022
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2... High Unreviewed
CVE-2021-38460 was published May 24, 2022
An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8... High Unreviewed
CVE-2017-16731 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database