Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,128
NuGet
735
pip
3,944
Pub
12
RubyGems
945
Rust
1,024
Swift
39
Unreviewed advisories
All unreviewed
5,000+

640 advisories

Loading
Jenkins WSO2 Oauth Plugin stores WSO2 Oauth client secret unencrypted in global config.xml file on Jenkins controller Low
CVE-2023-30527 was published for org.jenkins-ci.plugins:wso2id-oauth (Maven) Apr 12, 2023
Jenkins WSO2 Oauth Plugin does not mask the WSO2 Oauth client secret on the global configuration form Low
CVE-2023-30528 was published for org.jenkins-ci.plugins:wso2id-oauth (Maven) Apr 12, 2023
A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to... Moderate Unreviewed
CVE-2023-0005 was published Apr 12, 2023
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is logging of user... Moderate Unreviewed
CVE-2023-22949 was published Apr 14, 2023
Strapi leaking sensitive user information by filtering on private fields High
CVE-2023-22894 was published for @strapi/strapi (npm) Apr 19, 2023
derrickmehaffy Ccamm
Convly Marc-Roig
EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 logs unredacted passwords in... High Unreviewed
CVE-2023-31043 was published Apr 23, 2023
Ribose RNP before 0.16.3 sometimes lets secret keys remain unlocked after use. High Unreviewed
CVE-2023-29480 was published Apr 24, 2023
Plaintext Password in Registry vulnerability in 42gears surelock windows surelockwinsetupv2.40... High Unreviewed
CVE-2023-2335 was published Apr 27, 2023
Lightbend Alpakka Kafka logs credentials on debug level Moderate
CVE-2023-29471 was published for com.typesafe.akka:akka-stream-kafka (Maven) Apr 27, 2023
Data written to GitHub Actions Cache may expose secrets High
CVE-2023-30853 was published for gradle/gradle-build-action (GitHub Actions) May 1, 2023
bigdaz
Cleartext storage of sensitive information exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0... Moderate Unreviewed
CVE-2023-24586 was published May 10, 2023
In onSetRuntimePermissionGrantStateByDeviceAdmin of AdminRestrictedPermissionsUtils.java, there... Moderate Unreviewed
CVE-2023-20914 was published May 16, 2023
Jenkins Ansible Plugin job configuration form does not mask variables Moderate
CVE-2023-32983 was published for org.jenkins-ci.plugins:ansible (Maven) May 16, 2023
Jenkins Ansible Plugin stores and displays secrets in plain text Moderate
CVE-2023-32982 was published for org.jenkins-ci.plugins:ansible (Maven) May 16, 2023
IBM InfoSphere Information Server 11.7 stores user credentials in plain clear text which can be... Moderate Unreviewed
CVE-2023-22878 was published May 19, 2023
A vulnerability has been found in Simple Design Daily Journal 1.012.GP.B on Android and... Low Unreviewed
CVE-2023-2863 was published May 24, 2023
PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains License Key Stored in Cleartext... Moderate Unreviewed
CVE-2023-32448 was published May 30, 2023
An issue was discovered in Faronics Insight 10.0.19045 on Windows. The Insight Teacher Console... Moderate Unreviewed
CVE-2023-28345 was published May 31, 2023
Plaintext storage of a password exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3.... High Unreviewed
CVE-2023-28713 was published Jun 1, 2023
Bitwarden Desktop v1.20.0 and above stores the biometric key in plaintext which allows a local... High Unreviewed
CVE-2023-27706 was published Jun 9, 2023
The Danfoss AK-EM100 stores login credentials in cleartext. High Unreviewed
CVE-2023-22584 was published Jun 11, 2023
Atlas Copco Power Focus 6000 web server does not sanitize the login information stored by the... High Unreviewed
CVE-2023-1897 was published Jun 12, 2023
IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 stores user credentials in plain clear... Moderate Unreviewed
CVE-2022-33159 was published Jun 15, 2023
An access control issue in Makves DCAP v3.0.0.122 allows unauthenticated attackers to obtain... High Unreviewed
CVE-2023-27243 was published Jun 21, 2023
?All versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in... Moderate Unreviewed
CVE-2023-3395 was published Jul 3, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database