Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

334 advisories

Loading
IBM Security Guardium 11.2 stores user credentials in plain clear text which can be read by a... High Unreviewed
CVE-2021-20389 was published May 24, 2022
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a... High Unreviewed
CVE-2019-4723 was published May 24, 2022
A vulnerability has been identified in Siveillance Video Open Network Bridge (2020 R3),... High Unreviewed
CVE-2021-27392 was published May 24, 2022
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a... High Unreviewed
CVE-2019-4724 was published May 24, 2022
TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 username and password are sent via the cookie. High Unreviewed
CVE-2021-28857 was published May 24, 2022
Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all... High Unreviewed
CVE-2021-22778 was published May 24, 2022
Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all... High Unreviewed
CVE-2021-22780 was published May 24, 2022
IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user... High Unreviewed
CVE-2021-20439 was published May 24, 2022
Dell EMC Repository Manager (DRM) version 3.2 contains a plain-text password storage... High Unreviewed
CVE-2020-5315 was published May 24, 2022
Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,All versions prior to 1.7.2... High Unreviewed
CVE-2021-27491 was published May 24, 2022
Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,All versions prior to 1.7.2... High Unreviewed
CVE-2021-27495 was published May 24, 2022
Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers... High Unreviewed
CVE-2021-38165 was published May 24, 2022
A flaw was found in the Foreman project. The Datacenter plugin exposes the password through the... High Unreviewed
CVE-2021-20260 was published Aug 27, 2022
ECOA BAS controller is vulnerable to weak access control mechanism allowing authenticated user to... High Unreviewed
CVE-2021-41297 was published May 24, 2022
A vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an... High Unreviewed
CVE-2021-3787 was published May 24, 2022
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2... High Unreviewed
CVE-2021-38460 was published May 24, 2022
A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30... High Unreviewed
CVE-2021-35033 was published May 24, 2022
Information exposure through process environment vulnerability in Synology Calendar before 2.3.3... High Unreviewed
CVE-2019-11820 was published May 24, 2022
An information disclosure vulnerability exists in SAP GUI for Windows - versions < 7.60 PL13, 7... High Unreviewed
CVE-2021-40503 was published May 24, 2022
An issue was discovered on XIAOMI AI speaker MDZ-25-DT 1.34.36, and 1.40.14. Attackers can get... High Unreviewed
CVE-2020-8994 was published May 24, 2022
D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Static... High Unreviewed
CVE-2022-36524 was published Aug 16, 2022
Jenkins Build-Publisher plugin has Insufficiently Protected Credentials High
CVE-2017-1000387 was published for org.jenkins-ci.plugins:build-publisher (Maven) May 13, 2022
Jenkins Dynatrace Plugin vulnerable to Insufficiently Protected Credentials High
CVE-2019-10461 was published for org.jenkins-ci.plugins:dynatrace-dashboard (Maven) May 24, 2022
A flaw was found in the RHDM, where sensitive HTML form fields like Password has auto-complete... High Unreviewed
CVE-2019-14840 was published Oct 17, 2022
User credentials stored in a recoverable format within Fidelis Network and Deception CommandPost.... High Unreviewed
CVE-2021-35050 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database