Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,324
Erlang
31
GitHub Actions
21
Go
2,087
Maven
5,000+
npm
3,751
NuGet
674
pip
3,437
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+

546 advisories

Loading
Moodle has user information visibility control issues in gradebook reports Low
CVE-2024-43429 was published for moodle/moodle (Composer) Nov 11, 2024
An issue was discovered in Solar-Log 500 before 2.8.2 Build 52 23.04.2013. In /export.html, email... Moderate Unreviewed
CVE-2021-34544 was published Dec 8, 2021
This vulnerability exists in TP-Link IoT Smart Hub due to storage of Wi-Fi credentials in plain... Moderate Unreviewed
CVE-2024-10523 was published Nov 4, 2024
A user with permission to log on to the machine hosting the AXIS Device Manager client could... Moderate Unreviewed
CVE-2021-31989 was published May 24, 2022
An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. When a backup file is created... Moderate Unreviewed
CVE-2020-11918 was published Nov 7, 2024
Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100... Moderate Unreviewed
CVE-2024-34891 was published Nov 4, 2024
The OpenAI ChatGPT app before 2024-07-05 for macOS opts out of the sandbox, and stores... Low Unreviewed
CVE-2024-40594 was published Jul 6, 2024
An issue was discovered in Teledyne FLIR M300 2.00-19. User account passwords are encrypted... Low Unreviewed
CVE-2023-46294 was published May 1, 2024
Asus RT-N12+ B1 router stores user passwords in plaintext, which could allow local attackers to... High Unreviewed
CVE-2024-28327 was published Apr 26, 2024
No-IP Dynamic Update Client (DUC) v3.x uses cleartext credentials that may occur on a command... Critical Unreviewed
CVE-2024-40457 was published Sep 12, 2024
mintplex-labs/anything-llm version latest contains a vulnerability where sensitive information,... Moderate Unreviewed
CVE-2024-7783 was published Oct 29, 2024
This vulnerability exists in Philips lighting devices due to storage of Wi-Fi credentials in... High Unreviewed
CVE-2024-9991 was published Oct 25, 2024
Sensitive data written to disk unencrypted in Spark High
CVE-2019-10099 was published for org.apache.spark:spark-core_2.11 (Maven) Aug 8, 2019
SaltStack Salt Cleartext Storage of Sensitive Information via cmdmod Moderate
CVE-2021-25284 was published for salt (pip) May 24, 2022
A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition... High Unreviewed
CVE-2024-9466 was published Oct 9, 2024
The Danfoss AK-EM100 stores login credentials in cleartext. High Unreviewed
CVE-2023-22584 was published Jun 11, 2023
CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that exposes test... High Unreviewed
CVE-2024-8070 was published Oct 13, 2024
The conformance validation endpoint is public so everybody can verify the conformance of... Moderate Unreviewed
CVE-2024-9802 was published Oct 10, 2024
The health endpoint is public so everybody can see a list of all services. It is potentially... Critical Unreviewed
CVE-2024-9798 was published Oct 10, 2024
In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: dcp: fix leak... Moderate Unreviewed
CVE-2024-45004 was published Sep 4, 2024
A vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC) software, formerly Cisco... Moderate Unreviewed
CVE-2024-20448 was published Oct 2, 2024
Nautobot vulnerable to exposure of hashed user passwords via REST API High
CVE-2023-46128 was published for nautobot (pip) Oct 24, 2023
Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp... Critical Unreviewed
CVE-2024-8644 was published Sep 27, 2024
An unauthorized user is able to gain access to sensitive data, including credentials, by... High Unreviewed
CVE-2024-38280 was published Jun 13, 2024
In Infinera TNMS (Transcend Network Management System) 19.10.3, cleartext storage of sensitive... High Unreviewed
CVE-2024-25661 was published Oct 1, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database