Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

334 advisories

Loading
Information disclosure through error object in auth0.js High
CVE-2020-5263 was published for auth0-js (npm) Apr 10, 2020
Under some circumstances an Insufficiently Protected Credentials vulnerability in Johnson... High Unreviewed
CVE-2021-36204 was published Jan 13, 2023
An issue has been discovered in GitLab affecting all versions starting from 14.6 before 14.6.5,... High Unreviewed
CVE-2022-0738 was published Mar 29, 2022
There is a Credentials Management Errors vulnerability in Huawei Smartphone.Successful... High Unreviewed
CVE-2021-37075 was published Dec 9, 2021
The Archer RSS feed integration for Archer 6.x through 6.9 SP1 (6.9.1.0) is affected by an... High Unreviewed
CVE-2022-26948 was published Mar 31, 2022
Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose... High Unreviewed
CVE-2022-1026 was published Apr 5, 2022
Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on... High Unreviewed
CVE-2022-24978 was published Apr 6, 2022
The programming protocol allows for a previously entered password and lock state to be read by an... High Unreviewed
CVE-2021-32978 was published Apr 5, 2022
Philips Vue PACS versions 12.2.x.x and prior transmits or stores authentication credentials, but... High Unreviewed
CVE-2021-33024 was published Apr 3, 2022
Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive information in plaintext. All... High Unreviewed
CVE-2021-45077 was published Dec 31, 2021
Netgear RAX43 version 1.0.3.96 does not have sufficient protections to the UART interface. A... High Unreviewed
CVE-2021-20168 was published Dec 31, 2021
Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701,... High Unreviewed
CVE-2022-29457 was published Apr 19, 2022
Dell EMC Repository Manager version 3.4.0 contains a plain-text password storage vulnerability. A... High Unreviewed
CVE-2022-26856 was published Apr 22, 2022
In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin. High
CVE-2021-45457 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
AWS CodeDeploy Plugin stored AWS Secret Key in plain text High
CVE-2018-1000403 was published for com.amazonaws:codedeploy (Maven) May 13, 2022
westonsteimel
The Web server in 1C:Enterprise 8 before 8.3.17.1851 sends base64 encoded credentials in the... High Unreviewed
CVE-2021-3131 was published May 24, 2022
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain... High Unreviewed
CVE-2020-35455 was published May 24, 2022
There is a Credentials Management Errors Vulnerability in Huawei Smartphone. Successful... High Unreviewed
CVE-2021-22351 was published May 24, 2022
There is a Credentials Management Errors vulnerability in Huawei Smartphone. Successful... High Unreviewed
CVE-2021-22324 was published May 24, 2022
The D-link router DIR-885L-MFC 1.15b02, v1.21b05 is vulnerable to credentials disclosure in... High Unreviewed
CVE-2020-29323 was published May 24, 2022
The D-Link router DIR-880L 1.07 is vulnerable to credentials disclosure in telnet service through... High Unreviewed
CVE-2020-29322 was published May 24, 2022
There is a Credentials Management Errors Vulnerability in Huawei Smartphone. Successful... High Unreviewed
CVE-2021-22370 was published May 24, 2022
A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows... High Unreviewed
CVE-2020-35580 was published May 24, 2022
The D-Link router DIR-868L 3.01 is vulnerable to credentials disclosure in telnet service through... High Unreviewed
CVE-2020-29321 was published May 24, 2022
IBM Guardium Data Encryption (GDE) 4.0.0.4 uses an inadequate account lockout setting that could... High Unreviewed
CVE-2021-20415 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database