Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,517
Maven
5,000+
npm
4,150
NuGet
736
pip
3,952
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

489 advisories

Loading
Jenkins Active Directory Plugin vulnerable to Active Directory credential disclosure Moderate
CVE-2023-37943 was published for org.jenkins-ci.plugins:active-directory (Maven) Jul 12, 2023
Memory management and protection issues in Bitcoin Core v22 allows attackers to modify the stored... High Unreviewed
CVE-2023-37192 was published Jul 7, 2023
Hitron Technologies CODA-5310’s Telnet function transfers sensitive data in plaintext. An... High Unreviewed
CVE-2023-30602 was published Jul 6, 2023
HashiCorp Boundary Workers Store Rotated Credentials in Plaintext Even When Key Management Service Configured High
CVE-2023-0690 was published for github.com/hashicorp/boundary (Go) Jul 6, 2023
The physical IoT device of the AliveCor's KardiaMobile, a smartphone-based personal... High Unreviewed
CVE-2022-41627 was published Jul 6, 2023
IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and... Low Unreviewed
CVE-2023-33849 was published Jun 8, 2023
An issue was discovered in BMC Patrol before 22.1.00. The agent's configuration can be remotely... High Unreviewed
CVE-2023-34258 was published May 31, 2023
Dell CloudIQ Collector version 1.10.2 contains a missing encryption of sensitive data... High Unreviewed
CVE-2023-28045 was published May 19, 2023
Jenkins Ansible Plugin stores and displays secrets in plain text Moderate
CVE-2023-32982 was published for org.jenkins-ci.plugins:ansible (Maven) May 16, 2023
AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific... Moderate Unreviewed
CVE-2023-21404 was published May 8, 2023
The myMail app through 14.30 for iOS sends cleartext credentials in a situation where STARTTLS is... High Unreviewed
CVE-2023-32290 was published May 7, 2023
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is unsecured read access... Moderate Unreviewed
CVE-2023-22948 was published Apr 13, 2023
Yellobrik PEC-1864 implements authentication checks via javascript in the frontend interface.... Critical Unreviewed
CVE-2023-0750 was published Apr 6, 2023
Docker Swarm encrypted overlay network traffic may be unencrypted Moderate
CVE-2023-28841 was published for github.com/docker/docker (Go) Apr 4, 2023
corhere cpuguy83
tianon laurazard akerouanton quadespresso neersighted
A cleartext transmission vulnerability exists in the Remote Management functionality of Netgear... Moderate Unreviewed
CVE-2022-38458 was published Mar 21, 2023
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls... Moderate Unreviewed
CVE-2022-21940 was published Feb 9, 2023
In Last Yard 22.09.8-1, the cookie can be stolen via via unencrypted traffic. Moderate Unreviewed
CVE-2022-47715 was published Feb 1, 2023
In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers therefore... Moderate Unreviewed
CVE-2023-23127 was published Feb 1, 2023
Macaron csrf missing encryption and has sensitive cookies in HTTP session without secure attribute High
CVE-2018-25060 was published for github.com/go-macaron/csrf (Go) Dec 30, 2022
Noise vulnerable to denial of service High
CVE-2021-4239 was published for github.com/flynn/noise (Go) Dec 28, 2022
BigFix deployments that have installed the Notification Service on Windows are susceptible to... High Unreviewed
CVE-2022-38658 was published Dec 24, 2022
usememos/memos missing Secure cookie attribute Moderate
CVE-2022-4683 was published for github.com/usememos/memos (Go) Dec 23, 2022
phpMyFAQ has insecure HTTP cookies High
CVE-2022-4409 was published for thorsten/phpmyfaq (Composer) Dec 11, 2022
Dashlane password and Keepass Server password in My Account Settings are not encrypted in the... Moderate Unreviewed
CVE-2022-3781 was published Nov 2, 2022
The application was vulnerable to an authenticated information disclosure, allowing... Moderate Unreviewed
CVE-2022-40295 was published Nov 1, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database