GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 23,835
Composer 4,870
Erlang 36
GitHub Actions 36
Go 2,493
Maven 5,926
npm 4,126
NuGet 735
pip 3,943
Pub 12
RubyGems 945
Rust 1,021
Swift 39

Unreviewed advisories

All unreviewed 269,212

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

640 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key... High Unreviewed

CVE-2021-29950 was published May 24, 2022

In the xrdp package (in branches through 3.14) for Alpine Linux, RDP sessions are vulnerable to... Moderate Unreviewed

CVE-2021-36158 was published May 24, 2022

Cleartext Storage of Sensitive Information in Jenkins ElasticBox CI Plugin Low

CVE-2019-10450 was published for com.elasticbox.jenkins-ci.plugins:elasticbox (Maven) May 24, 2022

IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be... Moderate Unreviewed

CVE-2021-20510 was published May 24, 2022

The MagicMotion Flamingo 2 application for Android stores data on an sdcard under com.vt... High Unreviewed

CVE-2020-12731 was published May 24, 2022

An issue was discovered in Xuperchain 3.6.0 that allows for attackers to recover any arbitrary... High Unreviewed

CVE-2020-22741 was published May 24, 2022

The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by... Moderate Unreviewed

CVE-2021-31581 was published May 24, 2022

In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS. High Unreviewed

CVE-2021-37548 was published May 24, 2022

An information disclosure vulnerability exists in the EPA protocol of Dut Computer Control... High Unreviewed

CVE-2020-18759 was published May 24, 2022

UCWeb UC 12.12.3.1219 through 12.12.3.1226 uses cleartext HTTP, and thus man-in-the-middle... Moderate Unreviewed

CVE-2020-36473 was published May 24, 2022

In Octopus Server after version 2018.8.2 if the Octopus Server Web Request Proxy is configured... High Unreviewed

CVE-2021-31820 was published May 24, 2022

A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs... Moderate Unreviewed

CVE-2021-3585 was published Aug 27, 2022

An issue was discovered in PrimeKey EJBCA before 7.6.0. When audit logging changes to the alias... Moderate Unreviewed

CVE-2021-40087 was published May 24, 2022

The vulnerability could expose cleartext credentials from AVEVA InTouch Runtime 2020 R2 and all... Moderate Unreviewed

CVE-2021-32942 was published May 24, 2022

Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden... Moderate Unreviewed

CVE-2021-36096 was published May 24, 2022

An issue obscuring passwords in screenshots was addressed with improved logic. This issue is... Moderate Unreviewed

CVE-2021-1865 was published May 24, 2022

Incorrect Access Control in Autumn v1.0.4 and earlier allows remote attackers to obtain clear... High Unreviewed

CVE-2020-19137 was published May 24, 2022

Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre... Moderate Unreviewed

CVE-2021-23182 was published May 24, 2022

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI displays user... Moderate Unreviewed

CVE-2021-29904 was published May 24, 2022

IBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an... Moderate Unreviewed

CVE-2021-38915 was published May 24, 2022

IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in plain clear text which can... Moderate Unreviewed

CVE-2021-38911 was published May 24, 2022

Exposure of senstive information to an unauthorised actor in the "com.onepeloton.erlich" mobile... High Unreviewed

CVE-2021-40527 was published May 24, 2022

A cleartext storage of sensitive information in GUI in FortiADC versions 5.4.3 and below, 6.0.0... Moderate Unreviewed

CVE-2020-15935 was published May 24, 2022

Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive Information in Cleartext. The... High Unreviewed

CVE-2021-42763 was published May 24, 2022

IBM Jazz Team Server products stores user credentials in clear text which can be read by an... Moderate Unreviewed

CVE-2021-29786 was published May 24, 2022

Previous 1…6…26 Next

Previous 1 2 3 4 5 6 7 8 … 25 26 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

640 advisories