Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

640 advisories

Loading
A vulnerability in the logging component of Cisco Duo Authentication for Windows Logon and RDP... Moderate Unreviewed
CVE-2024-20292 was published Mar 6, 2024
An issue in KukuFM Android v1.12.7 (11207) allows attackers to access sensitive cleartext data... High Unreviewed
CVE-2025-25758 was published Mar 20, 2025
The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN... Moderate Unreviewed
CVE-2020-36248 was published May 24, 2022
SnapCenter versions prior to 5.0p1 are susceptible to a vulnerability which could allow an... Moderate Unreviewed
CVE-2024-21993 was published Jul 10, 2024
The lack of encryption in the DuoxMe (formerly Blue) application binary in versions prior to 3.3... Moderate Unreviewed
CVE-2025-2909 was published Mar 28, 2025
Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4... Moderate Unreviewed
CVE-2023-22332 was published Jan 30, 2023
In Unify CP IP Phone firmware 1.10.4.3, files are not encrypted and contain sensitive information... Moderate Unreviewed
CVE-2024-28065 was published Apr 5, 2024
Valmet DNA user passwords in plain text. This practice poses a security risk as attackers who... Moderate Unreviewed
CVE-2025-0418 was published Apr 1, 2025
Jenkins monitor-remote-job Plugin Stores Passwords Unencrypted Moderate
CVE-2025-31725 was published for org.ukiuni.monitor-remote-job-plugin:monitor-remote-job (Maven) Apr 2, 2025
Jenkins Cadence vManager Plugin Stores Verisium Manager vAPI keys Unencrypted Moderate
CVE-2025-31724 was published for org.jenkins-ci.plugins:vmanager-plugin (Maven) Apr 2, 2025
Jenkins Stack Hammer Plugin Stores API Keys Unencrypted in Job `config.xml` Files Moderate
CVE-2025-31726 was published for org.jenkins-ci.plugins:stackhammer (Maven) Apr 2, 2025
Jenkins AsakusaSatellite Plugin Stores API Keys Unencrypted in Job `config.xml` Files Moderate
CVE-2025-31727 was published for org.codefirst.jenkins.asakusasatellite:asakusa-satellite-plugin (Maven) Apr 2, 2025
Mobile Spy (1) stores login credentials in cleartext under the RetinaxStudios registry key, and ... Moderate Unreviewed
CVE-2007-5778 was published May 1, 2022
UserView_list.php in PHPRunner 4.2, and possibly earlier, stores passwords in cleartext in the... Moderate Unreviewed
CVE-2009-0964 was published May 2, 2022
src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party... Moderate Unreviewed
CVE-2009-1603 was published May 2, 2022
Application Access Server (A-A-S) 2.0.48 stores (1) passwords and (2) the port keyword in... Low Unreviewed
CVE-2009-1466 was published May 2, 2022
iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instant Messenger (AIM)... Moderate Unreviewed
CVE-2009-0152 was published May 2, 2022
Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity... Moderate Unreviewed
CVE-2008-6828 was published May 17, 2022
SanDisk Cruzer Enterprise USB flash drives use a fixed 256-bit key for obtaining access to the... Moderate Unreviewed
CVE-2010-0225 was published May 2, 2022
This vulnerability exists in TP-Link Tapo H200 V1 IoT Smart Hub due to storage of Wi-Fi... Moderate Unreviewed
CVE-2025-3442 was published Apr 9, 2025
A vulnerability in the Palo Alto Networks PAN-OS® software enables unlicensed administrators to... Moderate Unreviewed
CVE-2025-0123 was published Apr 11, 2025
Logins saved by Firefox should be managed by the Password Manager component which uses encryption... Low Unreviewed
CVE-2022-42931 was published Dec 22, 2022
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330... High Unreviewed
CVE-2025-27685 was published Mar 5, 2025
Due to usernames/passwords being stored in plaintext in Random Access Memory (RAM), a local,... Moderate Unreviewed
CVE-2020-14480 was published Feb 25, 2022
Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows... High Unreviewed
CVE-2017-13663 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database