GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
640 advisories
IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user credentials in plain in clear text...
Low | Unreviewed | CVE-2019-4566 was published May 24, 2022

Amazon AWS SDK <=2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS...
High | Unreviewed | CVE-2018-19981 was published May 13, 2022

Pilz PNOZmulti Configurator prior to version 10.9 allows an authenticated attacker with local...
High | Unreviewed | CVE-2018-19009 was published May 13, 2022

Parse Server stores password in plain text
Low | CVE-2020-26288 was published for parse-server (npm) Dec 28, 2020

Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which...
High | Unreviewed | CVE-2018-12572 was published May 13, 2022

Unencrypted storage of client side sessions
Moderate | CVE-2021-29481 was published for io.ratpack:ratpack-session (Maven) Jul 1, 2021

Information Disclosure vulnerability in McAfee DXL Platform and TIE Server in DXL prior to 5.0.1...
Moderate | Unreviewed | CVE-2019-3612 was published May 13, 2022

Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee...
Moderate | Unreviewed | CVE-2019-3606 was published May 13, 2022

The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010)...
Critical | Unreviewed | CVE-2019-0285 was published May 13, 2022

Instance config inline secret exposure in Grafana
Moderate | CVE-2021-41090 was published for github.com/grafana/agent (Go) Dec 8, 2021

A pair of spare WiFi credentials is stored in the configuration file of the Zyxel AX7501-B0...
Moderate | Unreviewed | CVE-2022-45439 was published Jan 17, 2023

SAP Business One - version 10.0, allows an admin user to view DB password in plain text over the...
Moderate | Unreviewed | CVE-2021-42066 was published Dec 15, 2021

Unisys Cargo Mobile Application before 1.2.29 uses cleartext to store sensitive information,...
High | Unreviewed | CVE-2021-43388 was published Dec 15, 2021

An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81...
Moderate | Unreviewed | CVE-2019-5765 was published May 13, 2022

The Milwaukee ONE-KEY Android mobile application stores the master token in plaintext in the apk...
High | Unreviewed | CVE-2017-3214 was published May 13, 2022

IBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive...
High | Unreviewed | CVE-2018-1877 was published May 13, 2022

In Rapid7 Komand version 0.41.0 and prior, certain endpoints that are able to list the always...
Moderate | Unreviewed | CVE-2018-5559 was published May 13, 2022

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain...
Moderate | Unreviewed | CVE-2018-1621 was published May 13, 2022

A vulnerability in the Policy and Charging Rules Function (PCRF) of the Cisco Policy Suite (CPS)...
High | Unreviewed | CVE-2018-0089 was published May 13, 2022

An Cleartext Storage of Sensitive Information issue was discovered in General Motors (GM) and...
High | Unreviewed | CVE-2017-9663 was published May 13, 2022

EasyLobby Solo could allow a local attacker to obtain sensitive information, caused by the...
Moderate | Unreviewed | CVE-2018-17489 was published May 13, 2022

In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android app, the OAuth token used...
Critical | Unreviewed | CVE-2017-5249 was published May 13, 2022

An issue has been discovered in hunter2 affecting all versions before 2.1.0. Improper handling of...
Moderate | Unreviewed | CVE-2022-3540 was published Oct 17, 2022

In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, the OAuth token used by the...
Critical | Unreviewed | CVE-2017-5250 was published May 13, 2022

389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive...
High | Unreviewed | CVE-2018-10871 was published May 13, 2022