Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

640 advisories

Loading
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a remote attacker to obtain sensitive... High Unreviewed
CVE-2022-41734 was published Feb 17, 2023
IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with... Moderate Unreviewed
CVE-2018-2028 was published May 24, 2022
MV iDigital Clinic Enterprise (iDCE) 1.0 stores passwords in cleartext. Moderate Unreviewed
CVE-2022-31405 was published Feb 27, 2023
Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an information disclosure vulnerability... High Unreviewed
CVE-2023-26760 was published Feb 27, 2023
Apache Linkis vulnerable to Exposure of Sensitive Information Moderate
CVE-2022-44644 was published for org.apache.linkis:linkis (Maven) Jan 31, 2023
An information disclosure vulnerability allows sensitive key material to be included in technical... Moderate Unreviewed
CVE-2022-48310 was published Mar 1, 2023
An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in... Low Unreviewed
CVE-2023-23776 was published Mar 7, 2023
A vulnerability exists in ClearPass Policy Manager that allows for an attacker with... Moderate Unreviewed
CVE-2023-25596 was published Mar 22, 2023
In Stimulsoft Designer (Desktop) 2023.1.5, and 2023.1.4, once an attacker decompiles the... Moderate Unreviewed
CVE-2023-25263 was published Mar 27, 2023
Jenkins WSO2 Oauth Plugin does not mask the WSO2 Oauth client secret on the global configuration form Low
CVE-2023-30528 was published for org.jenkins-ci.plugins:wso2id-oauth (Maven) Apr 12, 2023
Jenkins Consul KV Builder Plugin stores HashiCorp Consul ACL Token unencrypted Moderate
CVE-2023-30530 was published for org.jenkins-ci.plugins:consul-kv-builder (Maven) Apr 12, 2023
Jenkins Consul KV Builder Plugin stores HashiCorp Consul ACL Token unencrypted Moderate
CVE-2023-30531 was published for org.jenkins-ci.plugins:consul-kv-builder (Maven) Apr 12, 2023
Jenkins Report Portal Plugin allows users with Item/Extended Read permission to view tokens on Jenkins controller Moderate
CVE-2023-30523 was published for org.jenkins-ci.plugins:reportportal (Maven) Apr 12, 2023
Jenkins WSO2 Oauth Plugin stores WSO2 Oauth client secret unencrypted in global config.xml file on Jenkins controller Low
CVE-2023-30527 was published for org.jenkins-ci.plugins:wso2id-oauth (Maven) Apr 12, 2023
D-Link DSL-2875AL and DSL-2877AL devices through 1.00.05 are prone to information disclosure via... Moderate Unreviewed
CVE-2019-15656 was published May 24, 2022
IBM Security Verify Information Queue 1.0.6 and 1.0.7 discloses sensitive information in source... High Unreviewed
CVE-2021-20407 was published May 24, 2022
A vulnerability was found in Xunrui CMS 4.61 and classified as problematic. Affected by this... High Unreviewed
CVE-2023-1683 was published Mar 29, 2023
Backup file without encryption vulnerability is found in Hitachi ABB Power Grids System Data... High Unreviewed
CVE-2021-35526 was published May 24, 2022
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 all... High Unreviewed
CVE-2022-25164 was published Nov 25, 2022
Cleartext Storage of Sensitive Information in Memory vulnerability in Mitsubishi Electric... Moderate Unreviewed
CVE-2022-29832 was published Nov 25, 2022
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3... High Unreviewed
CVE-2022-29826 was published Nov 25, 2022
A cleartext storage of sensitive information vulnerability exists in PcVue versions 8.10 through... Moderate Unreviewed
CVE-2022-4312 was published Dec 12, 2022
HashiCorp Boundary Workers Store Rotated Credentials in Plaintext Even When Key Management Service Configured High
CVE-2023-0690 was published for github.com/hashicorp/boundary (Go) Jul 6, 2023
Plaintext Storage of Sensitive Information in Laravel Log Viewer before v0.13.0 High
CVE-2018-8947 was published for rap2hpoutre/laravel-log-viewer (Composer) May 13, 2022
Plaintext storage of password after a reset in org.xwiki.platform:xwiki-platform-security-authentication-default Moderate
CVE-2022-41933 was published for org.xwiki.platform:xwiki-platform-security-authentication-default (Maven) Nov 21, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database