GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
518 advisories
Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does...
Moderate | Unreviewed | CVE-2012-5627 was published May 17, 2022

Konica Minolta bizhub MFP devices before 2022-04-14 have an internal Chromium browser that...
Moderate | Unreviewed | CVE-2022-29587 was published May 17, 2022

Jenkins AWS CodeDeploy Plugin has Insufficiently Protected Credentials
Moderate | CVE-2018-1000402 was published for com.amazonaws:codedeploy (Maven) May 14, 2022

An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the user's...
Moderate | Unreviewed | CVE-2018-9279 was published May 13, 2022

An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the SNMP...
Moderate | Unreviewed | CVE-2018-9280 was published May 13, 2022

Cleartext Storage of credentials in the iSmartAlarmData.xml configuration file in the iSmartAlarm...
Moderate | Unreviewed | CVE-2018-16222 was published May 13, 2022

If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted...
Moderate | Unreviewed | CVE-2018-12383 was published May 13, 2022

An issue was discovered on Momentum Axel 720P 5.1.8 devices. The root password can be obtained in...
Moderate | Unreviewed | CVE-2018-12260 was published May 13, 2022

Jenkins Credentials Binding Plugin has Insufficiently Protected Credentials
Moderate | CVE-2018-1000057 was published for org.jenkins-ci.plugins:credentials-binding (Maven) May 13, 2022

An information disclosure vulnerability exists in Schneider Electric's IGSS Mobile application...
Moderate | Unreviewed | CVE-2017-9969 was published May 13, 2022

Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for...
Moderate | Unreviewed | CVE-2017-8371 was published May 13, 2022

A vulnerability in the Virtual Network Function Manager's (VNFM) logging function of Cisco Ultra...
Moderate | Unreviewed | CVE-2017-6694 was published May 13, 2022

Platform sample code firmware included with 4th Gen Intel Core Processor, 5th Gen Intel Core...
Moderate | Unreviewed | CVE-2017-5704 was published May 13, 2022

A BIOS password extraction vulnerability has been reported on certain consumer notebooks with...
Moderate | Unreviewed | CVE-2017-2751 was published May 13, 2022

IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by...
Moderate | Unreviewed | CVE-2017-1207 was published May 13, 2022

Schneider Electric Ampla MES 6.4 provides capability to interact with data from third party...
Moderate | Unreviewed | CVE-2017-9637 was published May 13, 2022

A vulnerability in the Admin Portal of Cisco Identity Services Engine (ISE) could allow an...
Moderate | Unreviewed | CVE-2018-15456 was published May 13, 2022

Open Dental before version 18.4 stores user passwords as base64 encoded MD5 hashes.
Moderate | Unreviewed | CVE-2018-15717 was published May 13, 2022

All versions of the Medtronic 2090 Carelink Programmer are affected by a per-product username and...
Moderate | Unreviewed | CVE-2018-5446 was published May 13, 2022

Jenkins allows Administrators to Access API Tokens
Moderate | CVE-2015-5323 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022

Previous releases of the Puppet cisco_ios module output SSH session debug information including...
Moderate | Unreviewed | CVE-2018-11752 was published May 13, 2022

OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3...
Moderate | Unreviewed | CVE-2013-4222 was published May 13, 2022

Jenkins Crowd Integration Plugin stores credentials in plain text
Moderate | CVE-2019-1003097 was published for com.ds.tools.hudson:crowd (Maven) May 13, 2022

Jenkins TestFairy Plugin stores credentials in plain text
Moderate | CVE-2019-1003096 was published for org.jenkins-ci.plugins:TestFairy (Maven) May 13, 2022

An issue was discovered on Samsung 840 EVO devices. Vendor-specific commands may allow access to...
Moderate | Unreviewed | CVE-2018-12038 was published May 13, 2022