GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
212 advisories
Filter by severity
Elasticsearch stores private key on disk unencrypted
Moderate
CVE-2024-23444
was published
for
org.elasticsearch:elasticsearch
(Maven)
Jul 31, 2024
[PUNCIA] [CWE-319] Cleartext Transmission of Sensitive Information via HTTP urls in `API_URLS`
Low
CVE-2024-41124
was published
for
puncia
(pip)
Jul 19, 2024
silverstripe/framework users inadvertently passing sensitive data to LoginAttempt
Moderate
GHSA-ph62-fv59-vf9h
was published
for
silverstripe/framework
(Composer)
May 27, 2024
NASA AIT-Core uses unencrypted channels to exchange data over the network
High
CVE-2024-35061
was published
for
ait-core
(pip)
May 21, 2024
Unencrypted traffic between nodes when using WireGuard and L7 policies
Moderate
CVE-2024-28250
was published
for
github.com/cilium/cilium
(Go)
Mar 18, 2024
Unencrypted traffic between nodes when using IPsec and L7 policies
Moderate
CVE-2024-28249
was published
for
github.com/cilium/cilium
(Go)
Mar 18, 2024
Unencrypted traffic between pods when using Wireguard and an external kvstore
Moderate
CVE-2024-25631
was published
for
github.com/cilium/cilium
(Go)
Feb 20, 2024
Unencrypted ingress/health traffic when using Wireguard transparent encryption
Moderate
CVE-2024-25630
was published
for
github.com/cilium/cilium
(Go)
Feb 20, 2024
1Panel set-cookie is missing the Secure keyword
Moderate
CVE-2024-24768
was published
for
github.com/1Panel-dev/1Panel
(Go)
Feb 5, 2024
Croc requires senders to provide local IP addresses in cleartext
Moderate
CVE-2023-43618
was published
for
github.com/schollz/croc/v9
(Go)
Sep 20, 2023
MindsDB can be made to not verify SSL certificates
Critical
CVE-2023-38699
was published
for
MindsDB
(pip)
Aug 1, 2023
twitch-tui's connection is not encrypted
High
CVE-2023-38688
was published
for
twitch-tui
(Rust)
Jul 31, 2023
Jenkins Active Directory Plugin vulnerable to Active Directory credential disclosure
Moderate
CVE-2023-37943
was published
for
org.jenkins-ci.plugins:active-directory
(Maven)
Jul 12, 2023
HashiCorp Boundary Workers Store Rotated Credentials in Plaintext Even When Key Management Service Configured
High
CVE-2023-0690
was published
for
github.com/hashicorp/boundary
(Go)
Jul 6, 2023
Jenkins Ansible Plugin stores and displays secrets in plain text
Moderate
CVE-2023-32982
was published
for
org.jenkins-ci.plugins:ansible
(Maven)
May 16, 2023
Docker Swarm encrypted overlay network traffic may be unencrypted
Moderate
CVE-2023-28841
was published
for
github.com/docker/docker
(Go)
Apr 4, 2023
Macaron csrf missing encryption and has sensitive cookies in HTTP session without secure attribute
High
CVE-2018-25060
was published
for
github.com/go-macaron/csrf
(Go)
Dec 30, 2022
Noise vulnerable to denial of service
High
CVE-2021-4239
was published
for
github.com/flynn/noise
(Go)
Dec 28, 2022
usememos/memos missing Secure cookie attribute
Moderate
CVE-2022-4683
was published
for
github.com/usememos/memos
(Go)
Dec 23, 2022
phpMyFAQ has insecure HTTP cookies
High
CVE-2022-4409
was published
for
thorsten/phpmyfaq
(Composer)
Dec 11, 2022
rdiffweb has insecure HTTP cookies
Moderate
CVE-2022-3250
was published
for
rdiffweb
(pip)
Sep 22, 2022
rdiffweb 2.4.1 vulnerable to Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
High
CVE-2022-3174
was published
for
rdiffweb
(pip)
Sep 14, 2022
Insecure cookies in Openshift Origin
Moderate
CVE-2015-3207
was published
for
github.com/openshift/origin
(Go)
Jul 8, 2022
AES OCB fails to encrypt some bytes
High
CVE-2022-2097
was published
for
openssl-src
(Rust)
Jul 6, 2022
Passwords stored in plain text by Jenkins ReadyAPI Functional Testing Plugin
Moderate
CVE-2020-2250
was published
for
org.jenkins-ci.plugins:soapui-pro-functional-testing
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API