GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
518 advisories
Jenkins Credentials Binding Plugin Stores Passwords in a Recoverable Format
Moderate | CVE-2019-1010241 was published for org.jenkins-ci.plugins:credentials-binding (Maven) May 24, 2022

IBM Common Licensing 9.0 stores user credentials in plain clear text which can be read by a local...
Moderate | Unreviewed | CVE-2023-50945 was published Jan 26, 2025

IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 UI could disclosure...
Moderate | Unreviewed | CVE-2024-47109 was published Mar 10, 2025

Cryptographic key extraction from internal flash in Minut M2 with firmware version #15142 allows...
Moderate | Unreviewed | CVE-2024-44754 was published Feb 28, 2025

A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web...
Moderate | Unreviewed | CVE-2023-38548 was published Nov 14, 2023

Leantime has Insufficiently Protected Credentials
Moderate | GHSA-h6w8-27ph-c385 was published for leantime/leantime (Composer) Feb 21, 2025

The product transmits or stores authentication credentials, but it uses an insecure method that...
Moderate | Unreviewed | CVE-2024-37362 was published Feb 20, 2025

Use of reversible password encryption algorithm allows attackers to decrypt passwords. Sensitive...
Moderate | Unreviewed | CVE-2024-3543 was published May 2, 2024

Eclipse Dataspace Components vulnerable to OAuth2 client secret disclosure
Moderate | CVE-2024-4536 was published for org.eclipse.edc:connector-core (Maven) May 7, 2024

GRAU DATA Blocky before 3.1 stores passwords encrypted rather than hashed. At the login screen,...
Moderate | Unreviewed | CVE-2024-42012 was published Jan 22, 2025

An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded...
Moderate | Unreviewed | CVE-2020-8657 was published May 24, 2022

Dell OpenManage Enterprise, versions 4.0.0 and 4.0.1, contains a sensitive information disclosure...
Moderate | Unreviewed | CVE-2024-28961 was published Apr 29, 2024

An HPE OneView appliance dump may expose OneView user accounts
Moderate | Unreviewed | CVE-2023-28087 was published Apr 25, 2023

An HPE OneView appliance dump may expose proxy credential settings
Moderate | Unreviewed | CVE-2023-28086 was published Apr 25, 2023

Jenkins Azure VM Agents Plugin missing permission checks
Moderate | CVE-2023-32988 was published for org.jenkins-ci.plugins:azure-vm-agents (Maven) May 16, 2023

Unsafe password recovery from configuration in M-Files Server before 25.1 allows a highly...
Moderate | Unreviewed | CVE-2025-0619 was published Jan 23, 2025

Affected devices store the CLI user passwords encrypted in flash memory. Attackers with physical...
Moderate | Unreviewed | CVE-2022-46142 was published Dec 13, 2022

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could disclose highly sensitive user information to...
Moderate | Unreviewed | CVE-2024-31899 was published Sep 26, 2024

When an attacker manages to get access to the local memory, or the memory dump of a victim, for...
Moderate | Unreviewed | CVE-2021-38150 was published May 24, 2022

In JetBrains TeamCity before 2024.12 password field value were accessible to users with view...
Moderate | Unreviewed | CVE-2024-56354 was published Dec 20, 2024

IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 could allow a user with psychical...
Moderate | Unreviewed | CVE-2022-33954 was published Dec 19, 2024

Claris International has successfully resolved an issue of potentially exposing password...
Moderate | Unreviewed | CVE-2023-42955 was published May 14, 2024

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions <...
Moderate | Unreviewed | CVE-2024-53832 was published Dec 10, 2024

A vulnerability in the storage of proxy server credentials of Cisco Firepower Management Center ...
Moderate | Unreviewed | CVE-2021-1126 was published May 24, 2022

Seth Fogie, member of the AXIS Camera Station Pro Bug Bounty Program, has found that the Incident...
Moderate | Unreviewed | CVE-2024-6749 was published Nov 26, 2024