Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
47
Go
3,340
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,549
Pub
12
RubyGems
1,012
Rust
1,202
Swift
51
Unreviewed advisories
All unreviewed
5,000+

23 advisories

Loading
Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure Critical
CVE-2026-27944 was published for github.com/0xJacky/Nginx-UI (Go) Mar 5, 2026
tenbbughunters Credited to tenbbughunters
Encryption is missing on the configuration interface for Growatt ShineLan-X and MIC 3300TL-X.... Critical Unreviewed
CVE-2025-36751 was published Dec 13, 2025
Wapro ERP Desktop is vulnerable to MS SQL protocol downgrade request from a server side, what... Critical Unreviewed
CVE-2024-4995 was published Dec 18, 2024
Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM ... Critical Unreviewed
CVE-2023-41095 was published Oct 26, 2023
Rocket.Chat.Audit through 5ad78e8 depends on filecachetools, which does not exist in PyPI. Critical Unreviewed
CVE-2024-29151 was published Mar 18, 2024
Yellobrik PEC-1864 implements authentication checks via javascript in the frontend interface.... Critical Unreviewed
CVE-2023-0750 was published Apr 6, 2023
All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have encryption problems... Critical Unreviewed
CVE-2019-3431 was published May 24, 2022
MailEnable Enterprise Premium 10.23 was vulnerable to XML External Entity Injection (XXE) attacks... Critical Unreviewed
CVE-2019-12924 was published May 24, 2022
An issue was discovered in AUO Solar Data Recorder before 1.3.0. The web portal uses HTTP Basic... Critical Unreviewed
CVE-2019-11367 was published May 24, 2022
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext... Critical Unreviewed
CVE-2018-13992 was published May 24, 2022
** DISPUTED ** An issue was discovered in SMA Solar Technology products. By sniffing for specific... Critical Unreviewed
CVE-2017-9854 was published May 13, 2022
Google Nest WiFi Pro root code-execution & user-data compromise Critical Unreviewed
CVE-2023-6339 was published Jan 3, 2024
MindsDB can be made to not verify SSL certificates Critical
CVE-2023-38699 was published for MindsDB (pip) Aug 1, 2023
truesoni Credited to truesoni
An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET... Critical Unreviewed
CVE-2018-10698 was published May 24, 2022
An issue was discovered on August Connect devices. Insecure data transfer between the August app... Critical Unreviewed
CVE-2018-20100 was published May 13, 2022
In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user... Critical Unreviewed
CVE-2018-10612 was published May 13, 2022
All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all... Critical Unreviewed
CVE-2018-17915 was published May 13, 2022
A Missing Encryption of Sensitive Data issue was discovered in PDQ Manufacturing LaserWash G5 and... Critical Unreviewed
CVE-2017-9632 was published May 13, 2022
In Philips Alice 6 System version R8.0.2 or prior, the lack of proper data encryption passes up... Critical Unreviewed
CVE-2018-7498 was published May 13, 2022
Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default... Critical Unreviewed
CVE-2018-16879 was published May 13, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc... Critical Unreviewed
CVE-2020-15331 was published Sep 30, 2022
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05... Critical Unreviewed
CVE-2019-17218 was published May 24, 2022
VersionVault Express exposes sensitive information that an attacker can use to impersonate the... Critical Unreviewed
CVE-2021-27779 was published May 26, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database