Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,518
Maven
5,000+
npm
5,000+
NuGet
911
pip
4,758
Pub
13
RubyGems
1,036
Rust
1,228
Swift
53
Unreviewed advisories
All unreviewed
5,000+

715 advisories

Loading
A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0... Moderate Unreviewed
CVE-2026-22155 was published Apr 14, 2026
A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0... Moderate Unreviewed
CVE-2026-21742 was published Apr 14, 2026
Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. This can occur... High Unreviewed
CVE-2026-31923 was published Apr 14, 2026
Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. tencent-cloud... Moderate Unreviewed
CVE-2026-31924 was published Apr 14, 2026
IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on... Moderate Unreviewed
CVE-2026-4820 was published Apr 1, 2026
The PaperCut NG/MF (specifically, the embedded application for Konica Minolta devices) is... Low Unreviewed
CVE-2026-5115 was published Mar 31, 2026
A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy,... Moderate Unreviewed
CVE-2026-5119 was published Mar 30, 2026
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to exposure of... Moderate Unreviewed
CVE-2026-1014 was published Mar 25, 2026
IBM Concert 1.0.0 through 2.2.0 transmits data in clear text that could allow an attacker to... Moderate Unreviewed
CVE-2025-64648 was published Mar 25, 2026
A vulnerability in Cisco IOS XE Software for Cisco Meraki could allow a remote, unauthenticated... Moderate Unreviewed
CVE-2026-20115 was published Mar 25, 2026
Service information is not encrypted when transmitted as BACnet packets over the wire, and can... Critical Unreviewed
CVE-2026-24060 was published Mar 21, 2026
Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the web management... High Unreviewed
CVE-2026-32838 was published Mar 18, 2026
In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure... Moderate Unreviewed
CVE-2026-32745 was published Mar 13, 2026
IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could... Low Unreviewed
CVE-2025-13718 was published Mar 13, 2026
Cleartext transmission of sensitive information in Azure IoT Explorer allows an unauthorized... High Unreviewed
CVE-2026-23661 was published Mar 10, 2026
An issue pertaining to CWE-319: Cleartext Transmission of Sensitive Information was discovered in... High Unreviewed
CVE-2025-70048 was published Mar 9, 2026
Cleartext Transmission of Sensitive Information vulnerability in rustdesk-server-pro RustDesk... High Unreviewed
CVE-2026-30796 was published Mar 5, 2026
Cleartext Transmission of Sensitive Information vulnerability in rustdesk-client RustDesk Client... High Unreviewed
CVE-2026-30795 was published Mar 5, 2026
OpenClaw has an opt-in insecure Control UI auth over plaintext HTTP could allow privileged access Moderate
CVE-2026-32034 was published for openclaw (npm) Mar 3, 2026
Vasco0x4 Credited to Vasco0x4
IBM App Connect Operator versions CD 11.3.0 through 11.6.0 and 12.1.0 through 12.20.0, LTS... Moderate Unreviewed
CVE-2025-13490 was published Mar 3, 2026
Rancher's weave CNI password is not configured when a cluster is created from an RKE template Moderate
CVE-2022-21951 was published for github.com/rancher/rancher (Go) Mar 3, 2026
Cleartext Transmission of Sensitive Information (CWE-319) in a component used in the Gallagher... Moderate Unreviewed
CVE-2026-20801 was published Mar 3, 2026
In multiple functions of btm_ble_sec.cc, there is a possible unencrypted communication due to... Moderate Unreviewed
CVE-2024-43766 was published Mar 2, 2026
In Microsoft Exchange through 2019, Exchange ActiveSync (EAS) configurations on on-premises... High Unreviewed
CVE-2025-58107 was published Mar 2, 2026
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 transmit authentication credentials... High Unreviewed
CVE-2026-27752 was published Feb 27, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database