Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

631 advisories

Loading
Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which... Moderate Unreviewed
CVE-2008-4122 was published May 2, 2022
An attacker with access to the network where the affected devices are located could... Moderate Unreviewed
CVE-2023-40544 was published Feb 7, 2024
IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances... High Unreviewed
CVE-2023-32328 was published Feb 7, 2024
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3... Moderate Unreviewed
CVE-2023-42016 was published Feb 9, 2024
DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information... Critical Unreviewed
CVE-2023-39245 was published Feb 15, 2024
IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3... Moderate Unreviewed
CVE-2023-47745 was published Mar 3, 2024
Cleartext Transmission of Sensitive Information in Apache nifi High
CVE-2018-17195 was published for org.apache.nifi:nifi (Maven) Dec 20, 2018
MarkLee131
mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+openSUSE-2.3 exposes the... Moderate Unreviewed
CVE-2010-4177 was published Apr 21, 2022
An unauthenticated remote attacker can influence the communication due to the lack of encryption... High Unreviewed
CVE-2024-26288 was published Mar 12, 2024
The affected product is vulnerable to a cleartext transmission of sensitive information... High Unreviewed
CVE-2024-0860 was published Mar 14, 2024
When curl is instructed to get content using the metalink feature, and a user name and password... Moderate Unreviewed
CVE-2021-22923 was published May 24, 2022
A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep... High Unreviewed
CVE-2022-43551 was published Dec 23, 2022
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that... Moderate Unreviewed
CVE-2023-23915 was published Feb 23, 2023
Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains a cleartext transmission of... High Unreviewed
CVE-2024-25960 was published Mar 28, 2024
An issue was discovered in YSoft SAFEQ 6 Server before 6.0.82. When modifying the URL of the LDAP... Moderate Unreviewed
CVE-2023-35833 was published Jul 13, 2023
** UNSUPPPORTED WHEN ASSIGNED ** The lack of web request control on ekorCCP and ekorRCI devices... Moderate Unreviewed
CVE-2022-47560 was published Sep 20, 2023
Jenkins Aqua Security Serverless Scanner Plugin showed plain text password in job configuration form fields Low
CVE-2019-10397 was published for org.jenkins-ci.plugins:aqua-serverless (Maven) May 24, 2022
andrewpollock
Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain... Moderate Unreviewed
CVE-2012-1257 was published Apr 23, 2022
Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, versions 666.0.x prior to 666.0... Critical Unreviewed
CVE-2019-3793 was published May 24, 2022
A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0... High Unreviewed
CVE-2018-1360 was published May 24, 2022
Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an... Critical Unreviewed
CVE-2019-3801 was published May 24, 2022
OnCommand Unified Manager 7-Mode prior to version 5.2.4 shipped without certain HTTP Security... High Unreviewed
CVE-2019-5494 was published May 24, 2022
Oncommand Insight versions prior to 7.3.5 shipped without certain HTTP Security headers... High Unreviewed
CVE-2019-5496 was published May 24, 2022
A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner. Actions... Moderate Unreviewed
CVE-2019-12820 was published May 24, 2022
The handshake protocol in Object Management Group (OMG) DDS Security 1.1 sends cleartext... High Unreviewed
CVE-2019-15135 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database