Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,801
Erlang
36
GitHub Actions
29
Go
2,380
Maven
5,000+
npm
4,010
NuGet
720
pip
3,810
Pub
12
RubyGems
930
Rust
986
Swift
38
Unreviewed advisories
All unreviewed
5,000+

179 advisories

Loading
Unencrypted traffic between pods when using Wireguard and an external kvstore Moderate
CVE-2024-25631 was published for github.com/cilium/cilium (Go) Feb 20, 2024
gandro giorio94
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow a remote attacker to... Moderate Unreviewed
CVE-2021-39090 was published Feb 29, 2024
Unencrypted traffic between nodes when using IPsec and L7 policies Moderate
CVE-2024-28249 was published for github.com/cilium/cilium (Go) Mar 18, 2024
giorio94 jschwinger233
julianwiedmann
Unencrypted traffic between nodes when using WireGuard and L7 policies Moderate
CVE-2024-28250 was published for github.com/cilium/cilium (Go) Mar 18, 2024
giorio94 brb
jschwinger233
On Arista CloudVision Appliance (CVA) affected releases running on appliances that support... Moderate Unreviewed
CVE-2024-7142 was published Jan 11, 2025
Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the... Moderate Unreviewed
CVE-2020-27650 was published May 24, 2022
ipip downloads Resources over HTTP Moderate
CVE-2016-10594 was published for ipip (npm) Feb 18, 2019
vulnerability-analyst
Jenkins Ansible Plugin stores and displays secrets in plain text Moderate
CVE-2023-32982 was published for org.jenkins-ci.plugins:ansible (Maven) May 16, 2023
IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to obtain sensitive... Moderate Unreviewed
CVE-2024-41757 was published Jan 24, 2025
IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI could allow a remote... Moderate Unreviewed
CVE-2024-38325 was published Jan 27, 2025
CVE-2024-40620 IMPACT A vulnerability exists in the affected product due to lack of encryption... Moderate Unreviewed
CVE-2024-40620 was published Aug 14, 2024
When saving HSTS data to an excessively long file name, curl could end up removing all contents,... Moderate Unreviewed
CVE-2023-46219 was published Dec 12, 2023
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2... Moderate Unreviewed
CVE-2023-37405 was published Mar 27, 2025
Jenkins AsakusaSatellite Plugin Does not Mask API Keys via Job Configuration Form Moderate
CVE-2025-31728 was published for org.codefirst.jenkins.asakusasatellite:asakusa-satellite-plugin (Maven) Apr 2, 2025
Elasticsearch stores private key on disk unencrypted Moderate
CVE-2024-23444 was published for org.elasticsearch:elasticsearch (Maven) Jul 31, 2024
Milestone Systems has discovered a security vulnerability in Milestone XProtect installer that... Moderate Unreviewed
CVE-2025-1688 was published Apr 15, 2025
The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption... Moderate Unreviewed
CVE-2017-6297 was published May 13, 2022
In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6... Moderate Unreviewed
CVE-2017-7485 was published May 13, 2022
The Google I/O 2017 application before 5.1.4 for Android downloads multiple .json files from http... Moderate Unreviewed
CVE-2017-9045 was published May 13, 2022
Medtronic CareLink 2090 Programmer CareLink 9790 Programmer 29901 Encore Programmer, all versions... Moderate Unreviewed
CVE-2018-18984 was published May 13, 2022
Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and... Moderate Unreviewed
CVE-2018-10631 was published May 13, 2022
Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and... Moderate Unreviewed
CVE-2018-8849 was published May 13, 2022
Jenkins QMetry Test Management Plugin stores unencrypted API keys Moderate
CVE-2025-53659 was published for org.jenkins-ci.plugins:qmetry-test-management (Maven) Jul 9, 2025
Jenkins Dead Man's Snitch Plugin vulnerability stores tokens in plain text Moderate
CVE-2025-53666 was published for org.jenkins-ci.plugins:deadmanssnitch (Maven) Jul 9, 2025
Jenkins Sensedia API Platform Plugin vulnerability exposes unencrypted tokens in its global configuration file Moderate
CVE-2025-53673 was published for org.jenkins-ci.plugins:sensedia-api-platform (Maven) Jul 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database