Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

640 advisories

Loading
IBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive... High Unreviewed
CVE-2018-1877 was published May 13, 2022
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain... Moderate Unreviewed
CVE-2018-1621 was published May 13, 2022
EasyLobby Solo could allow a local attacker to obtain sensitive information, caused by the... Moderate Unreviewed
CVE-2018-17489 was published May 13, 2022
389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive... High Unreviewed
CVE-2018-10871 was published May 13, 2022
A vulnerability in the Policy and Charging Rules Function (PCRF) of the Cisco Policy Suite (CPS)... High Unreviewed
CVE-2018-0089 was published May 13, 2022
An Cleartext Storage of Sensitive Information issue was discovered in General Motors (GM) and... High Unreviewed
CVE-2017-9663 was published May 13, 2022
In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, the OAuth token used by the... Critical Unreviewed
CVE-2017-5250 was published May 13, 2022
In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android app, the OAuth token used... Critical Unreviewed
CVE-2017-5249 was published May 13, 2022
IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user credentials in plain in... High Unreviewed
CVE-2017-1309 was published May 13, 2022
Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows... High Unreviewed
CVE-2017-13663 was published May 13, 2022
WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous... Moderate Unreviewed
CVE-2017-14990 was published May 13, 2022
The "Photo,Video Locker-Calculator" application 12.0 for Android has android:allowBackup="true"... High Unreviewed
CVE-2017-16835 was published May 13, 2022
The Files APP 7.1.1.308 and earlier versions in some Huawei mobile phones has a vulnerability of... Moderate Unreviewed
CVE-2017-2723 was published May 13, 2022
The Bitpie application through 3.2.4 for Android and iOS uses cleartext storage for digital... Moderate Unreviewed
CVE-2018-10812 was published May 13, 2022
An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally... Moderate Unreviewed
CVE-2018-11242 was published May 13, 2022
Sensitive Information Stored in Clear Text in Moxa ThingsPro IIoT Gateway and Device Management... Critical Unreviewed
CVE-2018-18394 was published May 13, 2022
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before... Critical Unreviewed
CVE-2018-18641 was published May 13, 2022
PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks the plaintext of NTFS files. On non... Moderate Unreviewed
CVE-2018-19279 was published May 13, 2022
In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to... High Unreviewed
CVE-2018-9065 was published May 13, 2022
Plaintext Storage of Sensitive Information in Laravel Log Viewer before v0.13.0 High
CVE-2018-8947 was published for rap2hpoutre/laravel-log-viewer (Composer) May 13, 2022
SepCity Classified Ads stores the admin password in cleartext in data/classifieds.mdb, which... Moderate Unreviewed
CVE-2008-6157 was published May 17, 2022
Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity... Moderate Unreviewed
CVE-2008-6828 was published May 17, 2022
Jenkins SonarQube Plugin Stores Passwords in Cleartext Moderate
CVE-2013-5676 was published for org.jenkins-ci.plugins:sonar (Maven) May 17, 2022
The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to... Moderate Unreviewed
CVE-2011-4723 was published May 17, 2022
IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain... Moderate Unreviewed
CVE-2022-22484 was published May 18, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database