GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
233 advisories
A weakness has been identified in Tenda AC15 15.03.05.19. The impacted element is an unknown...
Low | Unreviewed | CVE-2026-11493 was published on Jun 8, 2026
IBM Operations Analytics - Log Analysis 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.5.3, 1.3.6.0, 1.3.6.1, 1.3...
Moderate | Unreviewed | CVE-2024-40684 was published on May 27, 2026
A vulnerability was determined in Besen BS20 EV Charging Station up to 20260426. This impacts an...
Low | Unreviewed | CVE-2026-9394 was published on May 26, 2026
This vulnerability exists in Quantum Networks router due to lack of enforcement of strong...
High | Unreviewed | CVE-2026-41038 was published on Apr 21, 2026
An attacker with network access to the PLC is able to brute force discover passwords to gain...
Critical | Unreviewed | CVE-2026-6284 was published on Apr 17, 2026
A Weak Password Requirements vulnerability in the password management function of Juniper...
Critical | Unreviewed | CVE-2026-33771 was published on Apr 10, 2026
Nautobot: Management of users via REST API does not apply configured password validators
Low | CVE-2026-34203 was published for nautobot (pip) on Mar 31, 2026
OpenClaw: Synology Chat Webhook Pre-Auth Rate-Limit Bypass Enables Brute-Force Guessing of Webhook Token
Moderate | CVE-2026-35646 was published for openclaw (npm) on Mar 29, 2026
OpenClaw: Telegram Webhook Missing Guess Rate Limiting Enables Brute-Force Guessing of Weak Webhook Secret
Moderate | CVE-2026-35628 was published for openclaw (npm) on Mar 27, 2026
OpenClaw: BlueBubbles Webhook Missing Rate Limiting Enables Brute-Force Password Guessing
Moderate | CVE-2026-35623 was published for openclaw (npm) on Mar 27, 2026
HCL Aftermarket DPC is affected by Weak Password Policy vulnerability, which makes it easier for...
Moderate | Unreviewed | CVE-2025-55269 was published on Mar 26, 2026
Vikunja has Weak Password Policy Combined with Persistent Sessions After Password Change
Critical | CVE-2026-27575 was published for code.vikunja.io/api (Go) on Feb 25, 2026
The web management interface of the device allows the administrator username and password to be...
Critical | Unreviewed | CVE-2026-25715 was published on Feb 20, 2026
A weakness has been identified in Beetel 777VR1 up to 01.00.09/01.00.09_55. This vulnerability...
Low | Unreviewed | CVE-2026-1408 was published on Jan 26, 2026
HCL AION version 2 is affected by a Weak Password Policy vulnerability. This can allow the use...
Low | Unreviewed | CVE-2025-55252 was published on Jan 19, 2026
Man-in-the-middle attack vulnerability in the Clone module. Impact: Successful exploitation of...
Moderate | Unreviewed | CVE-2025-68963 was published on Jan 14, 2026
Weak Password Requirements vulnerability in Apache Fineract. This issue affects Apache Fineract:...
High | Unreviewed | CVE-2025-23408 was published on Dec 12, 2025
An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. They run an...
Critical | Unreviewed | CVE-2025-53963 was published on Dec 4, 2025
The password change endpoint in Open Source Point of Sale 3.4.1 allows users to set their account...
High | Unreviewed | CVE-2025-63800 was published on Nov 18, 2025
LibreNMS has Weak Password Policy
Low | CVE-2025-65014 was published for librenms/librenms (Composer) on Nov 18, 2025
QaTraq 6.9.2 ships with administrative account credentials which are enabled in default...
Critical | Unreviewed | CVE-2025-63747 was published on Nov 17, 2025
General Industrial Controls Lynx+ Gateway is vulnerable to a weak password requirement...
High | Unreviewed | CVE-2025-55034 was published on Nov 15, 2025
Insufficient Password Policy. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
Moderate | Unreviewed | CVE-2025-12552 was published on Oct 31, 2025
MLflow Weak Password Requirements Authentication Bypass Vulnerability
High | CVE-2025-11200 was published for mlflow (pip) on Oct 29, 2025
Weak Password Policy. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
Critical | Unreviewed | CVE-2025-12364 was published on Oct 27, 2025