Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

334 advisories

Loading
Plaintext Storage of a Password vulnerability in Secomea GateManager (USB wizard) allows... High Unreviewed
CVE-2022-4308 was published Apr 19, 2023
Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows... High Unreviewed
CVE-2023-25760 was published Apr 19, 2023
Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have read access... High Unreviewed
CVE-2023-25407 was published Apr 11, 2023
Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. The device allows unauthenticated... High Unreviewed
CVE-2023-25413 was published Apr 11, 2023
In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in... High Unreviewed
CVE-2022-48433 was published Mar 29, 2023
CP Plus KVMS Pro versions 2.01.0.T.190521 and prior are vulnerable to sensitive credentials being... High Unreviewed
CVE-2023-1518 was published Mar 28, 2023
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in... High Unreviewed
CVE-2023-1137 was published Mar 27, 2023
Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F... High Unreviewed
CVE-2023-0457 was published Mar 3, 2023
TIANJIE CPE906-3 is vulnerable to password disclosure. This is present on Software Version WEB5... High Unreviewed
CVE-2022-47703 was published Feb 17, 2023
An insufficiently protected credentials in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5,... High Unreviewed
CVE-2022-40678 was published Feb 16, 2023
Sunell DVR, latest version, Insufficiently Protected Credentials (CWE-522) may be exposed through... High Unreviewed
CVE-2023-23463 was published Feb 15, 2023
Media CP Media Control Panel latest version. Insufficiently protected credential change. High Unreviewed
CVE-2023-23466 was published Feb 15, 2023
An uspecified endpoint in the web server of the switch does not properly authenticate the user... High Unreviewed
CVE-2023-24498 was published Feb 15, 2023
AMI MegaRAC SPX devices allow Password Disclosure through Redfish. The fixed versions are SPx_12... High Unreviewed
CVE-2023-25191 was published Feb 15, 2023
An unauthorized user with network access and the decryption key could decrypt sensitive data,... High Unreviewed
CVE-2022-38469 was published Jan 18, 2023
In freeradius, the EAP-PWD function compute_password_element() leaks information about the... High Unreviewed
CVE-2022-41859 was published Jan 17, 2023
Under some circumstances an Insufficiently Protected Credentials vulnerability in Johnson... High Unreviewed
CVE-2021-36204 was published Jan 13, 2023
Prosys OPC UA Simulation Server version prior to v5.3.0-64 and UA Modbus Server versions 1.4.18-5... High Unreviewed
CVE-2022-2967 was published Jan 4, 2023
Some Dahua software products have a vulnerability of unauthenticated request of MQTT credentials.... High Unreviewed
CVE-2022-45423 was published Dec 27, 2022
Craft CMS discloses password hashes High
CVE-2022-37783 was published for craftcms/cms (Composer) Dec 5, 2022
Apache Dolphin Scheduler has insufficiently protected credentials High
CVE-2022-26885 was published for org.apache.dolphinscheduler:dolphinscheduler-common (Maven) Nov 24, 2022
Insufficiently protected credentials in software in Intel(R) AMT SDK before version 16.0.4.1,... High Unreviewed
CVE-2022-26341 was published Nov 11, 2022
A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3... High Unreviewed
CVE-2022-41575 was published Oct 21, 2022
On cSRX Series devices software permission issues in the container filesystem and stored files... High Unreviewed
CVE-2022-22251 was published Oct 18, 2022
A flaw was found in the RHDM, where sensitive HTML form fields like Password has auto-complete... High Unreviewed
CVE-2019-14840 was published Oct 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database