GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
334 advisories
Filter by severity
Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F...
High
Unreviewed
CVE-2023-0457
was published
Mar 3, 2023
In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line,...
High
Unreviewed
CVE-2021-28498
was published
May 24, 2022
PowerStore contains Plain-Text Password Storage Vulnerability in PowerStore X & T environments...
High
Unreviewed
CVE-2022-22557
was published
Jun 3, 2022
A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS...
High
Unreviewed
CVE-2021-40360
was published
Feb 10, 2022
An unauthorized user with network access and the decryption key could decrypt sensitive data,...
High
Unreviewed
CVE-2022-38469
was published
Jan 18, 2023
Windows AppContainer Elevation Of Privilege Vulnerability
High
Unreviewed
CVE-2021-40476
was published
May 24, 2022
Containous Traefik Exposes Password Hashes
High
CVE-2019-12452
was published
for
github.com/traefik/traefik
(Go)
May 24, 2022
Password exposure in ShenYu
High
CVE-2022-23223
was published
for
org.apache.shenyu:shenyu-common
(Maven)
Jan 28, 2022
Cleartext Storage of Sensitive Information in Jenkins Extensive Testing Plugin
High
CVE-2019-10448
was published
for
jenkins.xtc:extensivetesting
(Maven)
May 24, 2022
An insufficiently protected credentials issue was discovered in Intland codeBeamer ALM 10.x...
High
Unreviewed
CVE-2020-26515
was published
May 24, 2022
User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila,...
High
Unreviewed
CVE-2020-27781
was published
May 24, 2022
Weave GitOps Terraform Controller Information Disclosure Vulnerability
High
CVE-2023-34236
was published
for
github.com/weaveworks/tf-controller
(Go)
Jul 14, 2023
Certain NetModule devices have Insecure Password Handling (cleartext or reversible encryption),...
High
Unreviewed
CVE-2021-39289
was published
May 24, 2022
Incorrect access control in writercms v1.1.0 allows attackers to directly obtain backend account...
High
Unreviewed
CVE-2023-43905
was published
Oct 26, 2023
A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text...
High
Unreviewed
CVE-2023-6254
was published
Nov 27, 2023
Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile...
High
Unreviewed
CVE-2020-8968
was published
Dec 18, 2021
RVTools, Version 3.9.2 and above, contain a sensitive data exposure vulnerability in the...
High
Unreviewed
CVE-2023-44303
was published
Nov 24, 2023
Jenkins jira-ext Plugin stores credentials unencrypted
High
CVE-2019-10302
was published
for
org.jenkins-ci.plugins:jira-ext
(Maven)
May 24, 2022
Data leak of password hash through change requests
High
CVE-2023-49280
was published
for
org.xwiki.contrib.changerequest:application-changerequest-default
(Maven)
Dec 5, 2023
Exposure of Proxy Administrator Credentials
An authenticated administrator equivalent Filr user...
High
Unreviewed
CVE-2023-32268
was published
Dec 6, 2023
Stored credentials unencrypted in Jenkins Mashup Portlets Plugin
High
CVE-2019-10347
was published
for
javagh.jenkins:mashup-portlets-plugin
(Maven)
May 24, 2022
Opencast publishes global system account credentials
High
CVE-2018-16153
was published
for
org.opencastproject:opencast-common
(Maven)
Dec 14, 2021
Plaintext password storage in Jenkins InfluxDB Plugin
High
CVE-2019-10329
was published
for
org.jenkins-ci.plugins:influxdb
(Maven)
May 24, 2022
Jenkins Bitbucket OAuth Plugin contains Insufficiently Protected Credentials
High
CVE-2019-10460
was published
for
org.jenkins-ci.plugins:bitbucket-oauth
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API