GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
735 advisories
Filter by severity
Puppet resource_api (shipped in Puppet Core 8.x and Puppet Enterprise 2023.8.x and 2025.x) does...
Moderate
Unreviewed
CVE-2026-8804
was published
Jul 3, 2026
Steeltoe: TLS private keys written to /tmp with default permissions, never deleted
Moderate
CVE-2026-50267
was published
for
Steeltoe.Configuration.Abstractions
(NuGet)
Jul 2, 2026
Cleartext storage and exposure of WPA2 credentials, and missing authentication on the rr/wr...
Moderate
Unreviewed
CVE-2026-38571
was published
Jun 27, 2026
Jenkins Job Configuration History Plugin 1356.ve360da_6c523a_ and earlier does not redact the...
Moderate
Unreviewed
CVE-2026-57287
was published
Jun 24, 2026
nebula-mesh's stores enrollment tokens unhashed in SQLite
Moderate
GHSA-ghmh-jhmj-wcmf
was published
for
github.com/juev/nebula-mesh
(Go)
Jun 22, 2026
Grav: Admin Backup Zip File Exposes Account Credentials and Configuration Secrets
Moderate
CVE-2026-55885
was published
for
getgrav/grav
(Composer)
Jun 18, 2026
Improper access control in the ticketing integration settings in Devolutions Server allows an...
Moderate
Unreviewed
CVE-2026-10786
was published
Jun 8, 2026
GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs (PUT requests) in...
High
Unreviewed
CVE-2026-36176
was published
Jun 4, 2026
StrongDM Desktop Application before 23.74.0 (Desktop Client before 53.77.0) on Microsoft Windows...
Low
Unreviewed
CVE-2026-4387
was published
May 29, 2026
This vulnerability exists in CP Plus Wi-Fi Camera due to improper protection of sensitive...
Moderate
Unreviewed
CVE-2026-9274
was published
May 26, 2026
Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path
High
CVE-2026-8596
was published
for
sagemaker
(pip)
May 21, 2026
CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that could cause the...
Moderate
Unreviewed
CVE-2026-6332
was published
May 14, 2026
When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed TMOS Shell (tmsh)...
Moderate
Unreviewed
CVE-2026-42408
was published
May 13, 2026
When BIG-IP DNS is provisioned, a vulnerability exists in the gtm_add and bigip_add iControl REST...
Moderate
Unreviewed
CVE-2026-28758
was published
May 13, 2026
Sangoma Switchvox before 8.4 places cleartext SIP authentication credentials in a backup file.
Low
Unreviewed
CVE-2026-45362
was published
May 12, 2026
Electerm's full process.env exposed to renderer via window.pre.env
Moderate
CVE-2026-43942
was published
for
electerm
(npm)
May 8, 2026
Flowise: Bcrypt Password Hash Exposure
Moderate
CVE-2026-8026
was published
for
flowise
(npm)
May 6, 2026
Prometheus Azure AD remote write OAuth client secret exposed via config API
High
CVE-2026-42151
was published
for
github.com/prometheus/prometheus
(Go)
May 5, 2026
In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext...
High
Unreviewed
CVE-2026-43824
was published
May 2, 2026
A vulnerability in the assisted-service REST API, an optional Assisted Installer (assisted...
Moderate
Unreviewed
CVE-2026-7163
was published
Apr 30, 2026
Cillium exposes sensitive information included in the cilium-bugtool debug archive
High
CVE-2026-41520
was published
for
github.com/cilium/cilium
(Go)
Apr 25, 2026
TYPO3 CMS Stores Cleartext Password in User Settings Module
High
CVE-2026-6553
was published
for
typo3/cms-backend
(Composer)
Apr 24, 2026
A vulnerability was determined in Sanluan PublicCMS up to 6.202506.d. Affected is the function...
Moderate
Unreviewed
CVE-2026-6796
was published
Apr 21, 2026
Langflow: Cleartext Storage of Authentication Settings in Project Creation Endpoint
Low
CVE-2026-6598
was published
for
langflow
(pip)
Apr 20, 2026
Flowise: Unauthenticated Information Disclosure of OAuth Secrets (Cleartext) via GET Request
Moderate
CVE-2026-56270
was published
for
flowise
(npm)
Apr 16, 2026
ProTip!
Advisories are also available from the
GraphQL API