Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,504
Maven
5,000+
npm
4,149
NuGet
735
pip
3,949
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

633 advisories

Loading
HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session... Low Unreviewed
CVE-2021-42948 was published Sep 17, 2022
The Trend Controls IC protocol through 2022-05-06 allows Cleartext Transmission of Sensitive... Moderate Unreviewed
CVE-2022-30312 was published Sep 8, 2022
The Simple Single Sign On WordPress plugin through 4.1.0 leaks its OAuth client_secret, which... High Unreviewed
CVE-2022-2083 was published Sep 6, 2022
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0... Critical Unreviewed
CVE-2022-34371 was published Sep 3, 2022
AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials... High Unreviewed
CVE-2022-2005 was published Sep 1, 2022
AutomationDirect DirectLOGIC is vulnerable to a specifically crafted serial message to the CPU... Critical Unreviewed
CVE-2022-2003 was published Sep 1, 2022
Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may... High Unreviewed
CVE-2022-2485 was published Sep 1, 2022
Cleartext Transmission of Sensitive Information in moment-timezone Moderate
GHSA-v78c-4p63-2j6c was published for moment-timezone (npm) Aug 30, 2022
scovetta
In FiberHome VDSL2 Modem HG150-Ub_V3.0, Credentials of Admin are submitted in URL, which can be... High Unreviewed
CVE-2022-36200 was published Aug 29, 2022
This issue was addressed by using HTTPS when sending information over the network. This issue is... Moderate Unreviewed
CVE-2022-32857 was published Aug 25, 2022
A flaw was found in Foreman project. A credential leak was identified which will expose Azure... High Unreviewed
CVE-2021-3590 was published Aug 23, 2022
Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in... Moderate Unreviewed
CVE-2022-2338 was published Aug 18, 2022
In Core Utilities, there is a possible log information disclosure. This could lead to local... Moderate Unreviewed
CVE-2022-20243 was published Aug 12, 2022
SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 430, 430, allows an... High Unreviewed
CVE-2022-32245 was published Aug 11, 2022
Windows Defender Credential Guard Information Disclosure Vulnerability. This CVE ID is unique... Moderate Unreviewed
CVE-2022-34704 was published Aug 10, 2022
Exposure of Sensitive Information in Samsung Dialer application?prior to SMR Aug-2022 Release 1... Low Unreviewed
CVE-2022-33724 was published Aug 6, 2022
Cleartext transmission of sensitive information vulnerability in authentication management in... Moderate Unreviewed
CVE-2022-27619 was published Aug 4, 2022
Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They... High Unreviewed
CVE-2022-31204 was published Jul 27, 2022
The server in Citilog 8.0 allows an attacker (in a man in the middle position between the server... Moderate Unreviewed
CVE-2022-28861 was published Jul 22, 2022
Jenkins OpsGenie Plugin vulnerable to Cleartext Transmission of Sensitive Information Moderate
CVE-2022-34804 was published for org.jenkins-ci.plugins:opsgenie (Maven) Jul 1, 2022
Cleartext Storage of Sensitive Information in Jenkins Build Notifications Plugin Low
CVE-2022-34801 was published for tools.devnull:build-notifications (Maven) Jul 1, 2022
NotMyFault
A vulnerability classified as problematic was found in Teleopti WFM up to 7.1.0. Affected by this... Moderate Unreviewed
CVE-2017-20109 was published Jun 30, 2022
Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller... High Unreviewed
CVE-2022-29519 was published Jun 29, 2022
LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack... Moderate Unreviewed
CVE-2022-1524 was published Jun 25, 2022
Code injection in concrete CMS High
CVE-2022-21829 was published for concrete5/core (Composer) Jun 25, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database