GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
451 advisories
Filter by severity
Snowflake JDBC Security Advisory
Moderate
CVE-2024-43382
was published
for
net.snowflake:snowflake-jdbc
(Maven)
Oct 30, 2024
Gradio uses insecure communication between the FRP client and server
High
CVE-2024-47871
was published
for
gradio
(pip)
Oct 10, 2024
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE)...
Moderate
Unreviewed
CVE-2024-20515
was published
Oct 2, 2024
Missing encryption of sensitive data vulnerability in settings functionality in Synology Active...
Moderate
Unreviewed
CVE-2023-52948
was published
Sep 26, 2024
Missing encryption of sensitive data vulnerability in login component in Synology Active Backup...
Moderate
Unreviewed
CVE-2023-52950
was published
Sep 26, 2024
Credentials to access device configuration were transmitted using an unencrypted protocol. These...
High
Unreviewed
CVE-2024-42495
was published
Sep 6, 2024
A vulnerability in Cisco Duo Epic for Hyperdrive could allow an authenticated, local attacker to...
Moderate
Unreviewed
CVE-2024-20503
was published
Sep 4, 2024
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to...
Moderate
Unreviewed
CVE-2024-39746
was published
Aug 22, 2024
An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain...
High
Unreviewed
CVE-2024-42657
was published
Aug 19, 2024
IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to obtain sensitive...
Moderate
Unreviewed
CVE-2024-31905
was published
Aug 15, 2024
CVE-2024-40620 IMPACT
A vulnerability exists in the affected product due to lack of encryption...
Moderate
Unreviewed
CVE-2024-40620
was published
Aug 14, 2024
Missing encryption of sensitive data in Korenix JetPort 5601v3 allows Eavesdropping.This issue...
High
Unreviewed
CVE-2024-7396
was published
Aug 5, 2024
Elasticsearch stores private key on disk unencrypted
Moderate
CVE-2024-23444
was published
for
org.elasticsearch:elasticsearch
(Maven)
Jul 31, 2024
[PUNCIA] [CWE-319] Cleartext Transmission of Sensitive Information via HTTP urls in `API_URLS`
Low
CVE-2024-41124
was published
for
puncia
(pip)
Jul 19, 2024
Dell Data Lakehouse, version(s) 1.0.0.0, contain(s) a Missing Encryption of Sensitive Data...
Moderate
Unreviewed
CVE-2024-38302
was published
Jul 18, 2024
A vulnerability in the IPS Manager, Central Manager, and Local Manager communication workflow...
Moderate
Unreviewed
CVE-2024-5731
was published
Jun 14, 2024
Sensitive customer information is stored in the device without encryption.
Unknown
Unreviewed
CVE-2024-38283
was published
Jun 13, 2024
An issue was discovered in Samsung Mobile Processor, Automotive Processor, Wearable Processor,...
Moderate
Unreviewed
CVE-2023-49927
was published
Jun 5, 2024
silverstripe/framework users inadvertently passing sensitive data to LoginAttempt
Moderate
GHSA-ph62-fv59-vf9h
was published
for
silverstripe/framework
(Composer)
May 27, 2024
NASA AIT-Core uses unencrypted channels to exchange data over the network
High
CVE-2024-35061
was published
for
ait-core
(pip)
May 21, 2024
Vulnerable data in transit in GE HealthCare EchoPAC products
Moderate
Unreviewed
CVE-2024-27106
was published
May 14, 2024
IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing...
Moderate
Unreviewed
CVE-2024-25027
was published
Mar 31, 2024
IBM Security Verify Governance 10.0.2 could allow a remote attacker to obtain sensitive...
Moderate
Unreviewed
CVE-2023-35888
was published
Mar 20, 2024
Unencrypted traffic between nodes when using WireGuard and L7 policies
Moderate
CVE-2024-28250
was published
for
github.com/cilium/cilium
(Go)
Mar 18, 2024
Unencrypted traffic between nodes when using IPsec and L7 policies
Moderate
CVE-2024-28249
was published
for
github.com/cilium/cilium
(Go)
Mar 18, 2024
ProTip!
Advisories are also available from the
GraphQL API