GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
351 advisories
Implemented protections on AWS credentials that were not properly protected.
High, Unreviewed. CVE-2022-22998 was published Jul 13, 2022

The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords as plain text in its...
High, Unreviewed. CVE-2022-1794 was published Jul 12, 2022

Insufficiently Protected Credentials in PowerJob
High. CVE-2020-28865 was published for com.github.kfcfans:powerjob (Maven) Jun 17, 2022

Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3...
High, Unreviewed. CVE-2022-22396 was published Jun 7, 2022

Specific BD Pyxis™ products were installed with default credentials and may presently still...
High, Unreviewed. CVE-2022-22767 was published Jun 3, 2022

PowerStore contains Plain-Text Password Storage Vulnerability in PowerStore X & T environments...
High, Unreviewed. CVE-2022-22557 was published Jun 3, 2022

Ansible Exposes Sensitive Information
High. CVE-2021-20228 was published for ansible (pip) May 25, 2022

An issue was discovered on XIAOMI AI speaker MDZ-25-DT 1.34.36, and 1.40.14. Attackers can get...
High, Unreviewed. CVE-2020-8994 was published May 24, 2022

An information disclosure vulnerability exists in SAP GUI for Windows - versions < 7.60 PL13, 7...
High, Unreviewed. CVE-2021-40503 was published May 24, 2022

Plaintext password storage in Jenkins InfluxDB Plugin
High. CVE-2019-10329 was published for org.jenkins-ci.plugins:influxdb (Maven) May 24, 2022

Information exposure through process environment vulnerability in Synology Calendar before 2.3.3...
High, Unreviewed. CVE-2019-11820 was published May 24, 2022

A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30...
High, Unreviewed. CVE-2021-35033 was published May 24, 2022

Apache Superset allowed for database connections password leak for authenticated users
High. CVE-2021-41972 was published for apache-superset (pip) May 24, 2022

A vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an...
High, Unreviewed. CVE-2021-3787 was published May 24, 2022

In Jeedom through 4.1.19, a bug allows a remote attacker to bypass API access and retrieve users...
High, Unreviewed. CVE-2021-42557 was published May 24, 2022

Windows AppContainer Elevation Of Privilege Vulnerability
High, Unreviewed. CVE-2021-40476 was published May 24, 2022

A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2...
High, Unreviewed. CVE-2021-38460 was published May 24, 2022

The Scheduler Connection component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO...
High, Unreviewed. CVE-2021-35495 was published May 24, 2022

Information disclosure: The main configuration, including users and their hashed passwords, is...
High, Unreviewed. CVE-2021-23858 was published May 24, 2022

ECOA BAS controller is vulnerable to weak access control mechanism allowing authenticated user to...
High, Unreviewed. CVE-2021-41297 was published May 24, 2022

An information disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker...
High, Unreviewed. CVE-2021-40655 was published May 24, 2022

In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line,...
High, Unreviewed. CVE-2021-28498 was published May 24, 2022

Certain NetModule devices have Insecure Password Handling (cleartext or reversible encryption),...
High, Unreviewed. CVE-2021-39289 was published May 24, 2022

Insufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power...
High, Unreviewed. CVE-2021-35529 was published May 24, 2022

Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers...
High, Unreviewed. CVE-2021-38165 was published May 24, 2022