GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

87 advisories

OpenClaw has an opt-in insecure Control UI auth over plaintext HTTP could allow privileged access Moderate
CVE-2026-32034 was published for openclaw (npm) Mar 3, 2026
Credited to Vasco0x4
Rancher's weave CNI password is not configured when a cluster is created from an RKE template Moderate
CVE-2022-21951 was published for github.com/rancher/rancher (Go) Mar 3, 2026
SageMaker Python SDK has Exposed HMAC High
CVE-2026-1777 was published for sagemaker (pip) Feb 2, 2026
github.com/go-acme/lego/v4/acme/api does not enforce HTTPS Low
CVE-2025-54799 was published for github.com/go-acme/lego (Go) Aug 6, 2025
Credited to songgao, chrisnojima, and AMarcedone
In Cilium, packets from terminating endpoints may not be encrypted in Wireguard-enabled clusters Moderate
CVE-2025-32793 was published for github.com/cilium/cilium (Go) Apr 21, 2025
Credited to julianwiedmann
Keycloak on Quarkus CLI option for encrypted JGroups ignored Moderate
CVE-2024-10973 was published for org.keycloak:keycloak-quarkus-server (Maven) Feb 5, 2025
Duplicate Advisory: Keycloak vulnerable to Cleartext Transmission of Sensitive Information Moderate
GHSA-6mpx-pmgp-ww49 was published for org.keycloak:keycloak-quarkus-server (Maven) Dec 18, 2024 withdrawn
Moodle authorization headers preserved between "emulated redirects" Low
CVE-2024-43432 was published for moodle/moodle (Composer) Nov 11, 2024
Taipy has a Session Cookie without Secure and HTTPOnly flags Moderate
CVE-2024-47833 was published for taipy (pip) Aug 27, 2024
Credited to mbiesiad
Microsoft Security Advisory CVE-2024-38167 | .NET Information Disclosure Vulnerability Moderate
CVE-2024-38167 was published for Microsoft.NetCore.App.Runtime.linux-arm (NuGet) Aug 13, 2024
Credited to SCH227 and g147
Secret file credentials stored unencrypted in rare cases by Plain Credentials Plugin Moderate
CVE-2024-39459 was published for org.jenkins-ci.plugins:plain-credentials (Maven) Jun 26, 2024
NASA AIT-Core vulnerable to remote code execution Critical
CVE-2024-35059 was published for ait-core (pip) May 21, 2024
NASA AIT-Core vulnerable to remote code execution Critical
CVE-2024-35057 was published for ait-core (pip) May 21, 2024
NASA AIT-Core vulnerable to remote code execution Critical
CVE-2024-35058 was published for ait-core (pip) May 21, 2024
dectalk-tts Uses Unencrypted HTTP Request High
CVE-2024-31206 was published for dectalk-tts (npm) Apr 4, 2024
Credited to AverageHelper and JstnMcBrd
Unencrypted traffic between nodes when using WireGuard and L7 policies Moderate
CVE-2024-28250 was published for github.com/cilium/cilium (Go) Mar 18, 2024
Credited to giorio94, brb, and jschwinger233
Unencrypted traffic between nodes when using IPsec and L7 policies Moderate
CVE-2024-28249 was published for github.com/cilium/cilium (Go) Mar 18, 2024
Credited to giorio94, jschwinger233, and julianwiedmann
Unencrypted traffic between pods when using Wireguard and an external kvstore Moderate
CVE-2024-25631 was published for github.com/cilium/cilium (Go) Feb 20, 2024
Credited to gandro and giorio94
Unencrypted ingress/health traffic when using Wireguard transparent encryption Moderate
CVE-2024-25630 was published for github.com/cilium/cilium (Go) Feb 20, 2024
Credited to gandro and giorio94
Microsoft.Data.SqlClient and System.Data.SqlClient vulnerable to SQL Data Provider Security Feature Bypass High
CVE-2024-0056 was published for Microsoft.Data.SqlClient (NuGet) Jan 9, 2024
Credited to cheenamalhotra
Keycloak vulnerable to Plaintext Storage of User Password High
CVE-2023-4918 was published for org.keycloak:keycloak-core (Maven) Sep 12, 2023
Credited to dasniko and lme-atolcd
html inputs of type password recorded in plaintext when converted to text inputs Moderate
CVE-2023-33187 was published for highlight.run (npm) May 26, 2023
Ironic and ironic-inspector may expose as ConfigMaps Moderate
CVE-2023-30841 was published for github.com/metal3-io/baremetal-operator (Go) Apr 26, 2023
Jenkins Azure Key Vault Plugin does not properly mask credentials Moderate
CVE-2023-30514 was published for org.jenkins-ci.plugins:azure-keyvault (Maven) Apr 12, 2023