Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,293
Erlang
31
GitHub Actions
21
Go
2,061
Maven
5,000+
npm
3,744
NuGet
668
pip
3,423
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

296 advisories

Loading
The skyring-setup command creates random password for mongodb skyring database but it writes... High Unreviewed
CVE-2017-2665 was published May 13, 2022
tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password... High Unreviewed
CVE-2017-7524 was published May 13, 2022
The Philips DoseWise Portal web-based application versions 1.1.7.333 and 2.1.1.3069 stores login... High Unreviewed
CVE-2017-9654 was published May 13, 2022
A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient... High Unreviewed
CVE-2018-10622 was published May 13, 2022
Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password... High Unreviewed
CVE-2018-11079 was published May 13, 2022
A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1... High Unreviewed
CVE-2018-1139 was published May 13, 2022
IBM Security Guardium EcoSystem 10.5 stores user credentials in plain in clear text which can be... High Unreviewed
CVE-2018-1498 was published May 13, 2022
ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to... High Unreviewed
CVE-2018-1074 was published May 13, 2022
In ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be... High Unreviewed
CVE-2017-7510 was published May 13, 2022
An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The SMTP... High Unreviewed
CVE-2019-9868 was published May 13, 2022
An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The... High Unreviewed
CVE-2019-9867 was published May 13, 2022
Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading... High Unreviewed
CVE-2019-7300 was published May 13, 2022
** DISPUTED ** Kentico v10.0.42 allows Global Administrators to read the cleartext SMTP Password... High Unreviewed
CVE-2019-6242 was published May 13, 2022
A plaintext password vulnerability in the Zyxel NAS 326 through 5.21 allows an elevated... High Unreviewed
CVE-2019-10630 was published May 13, 2022
The PureVPN client before 6.1.0 for Windows stores Login Credentials (username and password) in... High Unreviewed
CVE-2018-18656 was published May 13, 2022
Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain... High Unreviewed
CVE-2018-17500 was published May 13, 2022
A vulnerability in the web-based management interface of Cisco Unified Communications Manager... High Unreviewed
CVE-2018-0474 was published May 13, 2022
An attacker could retrieve plain-text credentials stored in a XML file on PR100088 Modbus gateway... High Unreviewed
CVE-2019-6549 was published May 13, 2022
Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication... High Unreviewed
CVE-2019-3782 was published May 13, 2022
Cloud Foundry Container Runtime, versions prior to 0.28.0, deploys K8s worker nodes that contains... High Unreviewed
CVE-2019-3780 was published May 13, 2022
When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as... High Unreviewed
CVE-2019-0035 was published May 13, 2022
In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session... High Unreviewed
CVE-2018-20781 was published May 13, 2022
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to... High Unreviewed
CVE-2017-9557 was published May 13, 2022
Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and... High Unreviewed
CVE-2018-13822 was published May 13, 2022
An exploitable clear text transmission of password vulnerability exists in the web server and... High Unreviewed
CVE-2017-12123 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database