GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
387 advisories
In WFTPD 3.25, usernames and password hashes are stored in an openly viewable wftpd.ini...
High
Unreviewed
CVE-2023-33263
was published
May 25, 2023
The local Vuforia web application does not support HTTPS, and federated credentials are passed...
High
Unreviewed
CVE-2023-29168
was published
Jun 8, 2023
The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password...
High
Unreviewed
CVE-2022-47376
was published
Jun 13, 2023
An issue was discovered in cmseasy v7.0.0 that allows user credentials to be sent in clear text...
High
Unreviewed
CVE-2020-18406
was published
Jun 27, 2023
Plaintext Storage of a Password vulnerability in Infodrom Software E-Invoice Approval System...
High
Unreviewed
CVE-2023-35067
was published
Jul 25, 2023
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient...
High
Unreviewed
CVE-2023-25532
was published
Sep 20, 2023
PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was...
High
Unreviewed
CVE-2023-43630
was published
Sep 20, 2023
On boot, the Pillar eve container checks for the existence and content of “/config...
High
Unreviewed
CVE-2023-43631
was published
Sep 21, 2023
When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are...
High
Unreviewed
CVE-2023-43634
was published
Sep 21, 2023
On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig...
High
Unreviewed
CVE-2023-43633
was published
Sep 21, 2023
BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to...
High
Unreviewed
CVE-2022-44757
was published
Oct 11, 2023
A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers...
High
Unreviewed
CVE-2023-5552
was published
Oct 18, 2023
Fleet before 2.1.2 allows exposure of SMTP credentials.
High
Unreviewed
CVE-2019-1020009
was published
May 24, 2022
In Vijeo Citect 7.30 and 7.40, and CitectSCADA 7.30 and 7.40, a vulnerability has been identified...
High
Unreviewed
CVE-2019-10981
was published
May 24, 2022
An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules
High
Unreviewed
CVE-2023-28089
was published
Apr 25, 2023
Insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0...
High
Unreviewed
CVE-2023-41677
was published
Apr 9, 2024
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to escalate their privileges due...
High
Unreviewed
CVE-2023-37400
was published
Apr 19, 2024
Insufficiently protected credentials in GE HealthCare EchoPAC products
High
Unreviewed
CVE-2024-27109
was published
May 14, 2024
An information disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker...
High
Unreviewed
CVE-2021-40655
was published
May 24, 2022
apko Exposure of HTTP basic auth credentials in log output
High
CVE-2024-36127
was published
for
chainguard.dev/apko
(Go)
Jun 4, 2024
Craft CMS discloses password hashes
High
CVE-2022-37783
was published
for
craftcms/cms
(Composer)
Dec 5, 2022
The webserver utilizes basic authentication for its user login to the configuration interface. As...
High
Unreviewed
CVE-2023-41926
was published
Jul 2, 2024
The Avalara for Salesforce CPQ app before 7.0 for Salesforce allows attackers to read an API key....
High
Unreviewed
CVE-2024-38453
was published
Jul 3, 2024
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an...
High
Unreviewed
CVE-2020-29583
was published
May 24, 2022
An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25. Authentication to the...
High
Unreviewed
CVE-2020-11925
was published
May 24, 2022
ProTip! Advisories are also available from the GraphQL API