Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

640 advisories

Loading
The DLink Router DIR-895L MFC v1.21b05 is vulnerable to credentials disclosure in telnet service... High Unreviewed
CVE-2020-29324 was published May 24, 2022
The vulnerability could expose cleartext credentials from AVEVA InTouch Runtime 2020 R2 and all... Moderate Unreviewed
CVE-2021-32942 was published May 24, 2022
Brocade SANNav before version 2.1.1 contains an information disclosure vulnerability. Successful... Moderate Unreviewed
CVE-2020-15384 was published May 24, 2022
Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre... Moderate Unreviewed
CVE-2021-23211 was published May 24, 2022
Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre... Moderate Unreviewed
CVE-2021-23182 was published May 24, 2022
ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products contain credentials stored in... Moderate Unreviewed
CVE-2021-27487 was published May 24, 2022
SafeNet KeySecure Management Console 8.12.0 is vulnerable to HTTP response splitting attacks. A... Moderate Unreviewed
CVE-2021-28979 was published May 24, 2022
TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 does not use SSL by default. Attacker on the... Moderate Unreviewed
CVE-2021-28858 was published May 24, 2022
OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1... Moderate Unreviewed
CVE-2021-29956 was published May 24, 2022
Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key... High Unreviewed
CVE-2021-29950 was published May 24, 2022
In the xrdp package (in branches through 3.14) for Alpine Linux, RDP sessions are vulnerable to... Moderate Unreviewed
CVE-2021-36158 was published May 24, 2022
When configuring Octopus Server if it is configured with an external SQL database, on initial... High Unreviewed
CVE-2021-31817 was published May 24, 2022
When configuring Octopus Server if it is configured with an external SQL database, on initial... High Unreviewed
CVE-2021-31816 was published May 24, 2022
IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be... Moderate Unreviewed
CVE-2021-20510 was published May 24, 2022
The MagicMotion Flamingo 2 application for Android stores data on an sdcard under com.vt... High Unreviewed
CVE-2020-12731 was published May 24, 2022
An issue was discovered in Xuperchain 3.6.0 that allows for attackers to recover any arbitrary... High Unreviewed
CVE-2020-22741 was published May 24, 2022
The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by... Moderate Unreviewed
CVE-2021-31581 was published May 24, 2022
Liferay Portal and Liferay DXP autosaves form data for other users to see High
CVE-2021-33323 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Liferay Portal and Liferay DXP Stores User Passwords in Cleartext Moderate
CVE-2021-33325 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS. High Unreviewed
CVE-2021-37548 was published May 24, 2022
An information disclosure vulnerability exists in the EPA protocol of Dut Computer Control... High Unreviewed
CVE-2020-18759 was published May 24, 2022
UCWeb UC 12.12.3.1219 through 12.12.3.1226 uses cleartext HTTP, and thus man-in-the-middle... Moderate Unreviewed
CVE-2020-36473 was published May 24, 2022
In Octopus Server after version 2018.8.2 if the Octopus Server Web Request Proxy is configured... High Unreviewed
CVE-2021-31820 was published May 24, 2022
A user with permission to log on to the machine hosting the AXIS Device Manager client could... Moderate Unreviewed
CVE-2021-31989 was published May 24, 2022
An issue was discovered in PrimeKey EJBCA before 7.6.0. When audit logging changes to the alias... Moderate Unreviewed
CVE-2021-40087 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database