Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,504
Maven
5,000+
npm
4,149
NuGet
735
pip
3,949
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

263 advisories

Loading
Hitron Technologies CODA-5310’s Telnet function transfers sensitive data in plaintext. An... High Unreviewed
CVE-2023-30602 was published Jul 6, 2023
The physical IoT device of the AliveCor's KardiaMobile, a smartphone-based personal... High Unreviewed
CVE-2022-41627 was published Jul 6, 2023
IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and... Low Unreviewed
CVE-2023-33849 was published Jun 8, 2023
An issue was discovered in BMC Patrol before 22.1.00. The agent's configuration can be remotely... High Unreviewed
CVE-2023-34258 was published May 31, 2023
Dell CloudIQ Collector version 1.10.2 contains a missing encryption of sensitive data... High Unreviewed
CVE-2023-28045 was published May 19, 2023
AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific... Moderate Unreviewed
CVE-2023-21404 was published May 8, 2023
The myMail app through 14.30 for iOS sends cleartext credentials in a situation where STARTTLS is... High Unreviewed
CVE-2023-32290 was published May 7, 2023
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is unsecured read access... Moderate Unreviewed
CVE-2023-22948 was published Apr 13, 2023
Yellobrik PEC-1864 implements authentication checks via javascript in the frontend interface.... Critical Unreviewed
CVE-2023-0750 was published Apr 6, 2023
A cleartext transmission vulnerability exists in the Remote Management functionality of Netgear... Moderate Unreviewed
CVE-2022-38458 was published Mar 21, 2023
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls... Moderate Unreviewed
CVE-2022-21940 was published Feb 9, 2023
In Last Yard 22.09.8-1, the cookie can be stolen via via unencrypted traffic. Moderate Unreviewed
CVE-2022-47715 was published Feb 1, 2023
In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers therefore... Moderate Unreviewed
CVE-2023-23127 was published Feb 1, 2023
BigFix deployments that have installed the Notification Service on Windows are susceptible to... High Unreviewed
CVE-2022-38658 was published Dec 24, 2022
Dashlane password and Keepass Server password in My Account Settings are not encrypted in the... Moderate Unreviewed
CVE-2022-3781 was published Nov 2, 2022
The application was vulnerable to an authenticated information disclosure, allowing... Moderate Unreviewed
CVE-2022-40295 was published Nov 1, 2022
Missing AES encryption in Corsair K63 Wireless 3.1.3 allows physically proximate attackers to... Moderate Unreviewed
CVE-2022-35860 was published Oct 19, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess. Moderate Unreviewed
CVE-2020-15330 was published Sep 30, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc... Critical Unreviewed
CVE-2020-15331 was published Sep 30, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_user_id_and_key API. Moderate Unreviewed
CVE-2020-15344 was published Sep 30, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/default_axess/axess... High Unreviewed
CVE-2020-15340 was published Sep 30, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user_key API. Moderate Unreviewed
CVE-2020-15343 was published Sep 30, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_instances_for_update API. Moderate Unreviewed
CVE-2020-15345 was published Sep 30, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API with the CLOUDCNM key. Moderate Unreviewed
CVE-2020-15346 was published Sep 30, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user API. Moderate Unreviewed
CVE-2020-15342 was published Sep 30, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database