Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,630
Maven
5,000+
npm
5,000+
NuGet
928
pip
4,850
Pub
13
RubyGems
1,045
Rust
1,301
Swift
53
Unreviewed advisories
All unreviewed
5,000+

713 advisories

Loading
A vulnerability in the assisted-service REST API, an optional Assisted Installer (assisted... Moderate Unreviewed
CVE-2026-7163 was published Apr 30, 2026
Cillium exposes sensitive information included in the cilium-bugtool debug archive High
CVE-2026-41520 was published for github.com/cilium/cilium (Go) Apr 25, 2026
tklauser Credited to tklauser and kodareef5 kodareef5 kodareef5
TYPO3 CMS Stores Cleartext Password in User Settings Module High
CVE-2026-6553 was published for typo3/cms-backend (Composer) Apr 24, 2026
mclewing Credited to mclewing, garvinhicking, and ohader garvinhicking garvinhicking
ohader ohader
A vulnerability was determined in Sanluan PublicCMS up to 6.202506.d. Affected is the function... Moderate Unreviewed
CVE-2026-6796 was published Apr 21, 2026
Langflow: Cleartext Storage of Authentication Settings in Project Creation Endpoint Low
CVE-2026-6598 was published for langflow (pip) Apr 20, 2026
Flowise: Unauthenticated Information Disclosure of OAuth Secrets (Cleartext) via GET Request Moderate
GHSA-6pcv-j4jx-m4vx was published for flowise (npm) Apr 16, 2026
berkdedekarginoglu Credited to berkdedekarginoglu
OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers... High Unreviewed
CVE-2026-35644 was published Apr 10, 2026
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64... Critical Unreviewed
CVE-2025-14815 was published Apr 8, 2026
A vulnerability has been found in SourceCodester Student Result Management System 1.0. Impacted... Moderate Unreviewed
CVE-2026-5531 was published Apr 5, 2026
Directus: Sensitive fields exposed in revision history Moderate
CVE-2026-39943 was published for directus (npm) Apr 4, 2026
nginx-ui Backup Restore Allows Tampering with Encrypted Backups Critical
CVE-2026-33026 was published for github.com/0xJacky/Nginx-UI (Go) Mar 30, 2026
dapickle Credited to dapickle
Trino: Iceberg REST catalog static and vended credentials are accessible via query JSON High
CVE-2026-34214 was published for io.trino:trino-iceberg (Maven) Mar 29, 2026
findinpath Credited to findinpath, ebyhr, chenjian2664, losipiuk, and findepi ebyhr ebyhr
chenjian2664 chenjian2664 losipiuk losipiuk findepi findepi
The vulnerability affecting TL-WR850N v3 allows cleartext storage of administrative and Wi-Fi... Moderate Unreviewed
CVE-2026-4346 was published Mar 27, 2026
Harbor: LDAP password and OIDC secret are not redacted in the audit log Moderate
GHSA-prh4-vhfh-24mj was published for github.com/goharbor/harbor (Go) Mar 26, 2026
AVideo has Plaintext Video Password Storage Critical
CVE-2026-33867 was published for wwbn/avideo (Composer) Mar 26, 2026
athuljayaram Credited to athuljayaram
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores administrative... High Unreviewed
CVE-2026-31848 was published Mar 23, 2026
AVideo has an unauthenticated decrypt oracle leaking any ciphertext High
CVE-2026-33512 was published for wwbn/avideo (Composer) Mar 20, 2026
Ahmad-jarwan Credited to Ahmad-jarwan
Jenkins LoadNinja Plugin stores LoadNinja API keys unencrypted in job config.xml files Moderate
CVE-2026-33003 was published for org.jenkins-ci.plugins:loadninja (Maven) Mar 18, 2026
Jenkins LoadNinja Plugin does not mask LoadNinja API keys displayed on the job configuration form Moderate
CVE-2026-33004 was published for org.jenkins-ci.plugins:loadninja (Maven) Mar 18, 2026
Edimax GS-5008PL firmware version 1.00.54 and prior contain an insecure credential storage... High Unreviewed
CVE-2026-32842 was published Mar 18, 2026
A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet... Moderate Unreviewed
CVE-2025-55717 was published Mar 10, 2026
The SAP Customer Checkout application exhibits certain design characteristics that involve... Moderate Unreviewed
CVE-2026-24311 was published Mar 10, 2026
An issue pertaining to CWE-312: Cleartext Storage of Sensitive Information was discovered in... Moderate Unreviewed
CVE-2025-70050 was published Mar 9, 2026
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to stroe credentials in... High Unreviewed
CVE-2024-55027 was published Mar 3, 2026
Rancher doesn't properly sanitize credentials in cluster template answers Critical
CVE-2021-36783 was published for github.com/rancher/rancher (Go) Mar 3, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database