GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
349 advisories
Mobotix Control Center (MxCC) through 2.5.4.5 has Insufficiently Protected Credentials, Storing...
High | Unreviewed | CVE-2022-30018 was published May 20, 2022

Insufficiently protected credentials in software in Intel(R) AMT SDK before version 16.0.4.1,...
High | Unreviewed | CVE-2022-26341 was published Nov 11, 2022

Apache Dolphin Scheduler has insufficiently protected credentials
High | CVE-2022-26885 was published for org.apache.dolphinscheduler:dolphinscheduler-common (Maven) Nov 24, 2022

Information disclosure: The main configuration, including users and their hashed passwords, is...
High | Unreviewed | CVE-2021-23858 was published May 24, 2022

The NGINX Controller 2.0.0 thru 2.9.0 and 3.x before 3.15.0 Administrator password may be exposed...
High | Unreviewed | CVE-2021-23019 was published May 24, 2022

Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who...
High | Unreviewed | CVE-2022-34838 was published Aug 25, 2022

Incorrect implementation of lockout feature in Keycloak
High | CVE-2021-3513 was published for org.keycloak:keycloak-parent (Maven) Aug 23, 2022

Insufficiently Protected Credentials and Improper Authentication in Spring Security
High | CVE-2019-11272 was published for org.springframework.security:spring-security-cas (Maven) Jun 27, 2019

homee Brain Cube v2 (2.28.2 and 2.28.4) devices have sensitive SSH keys within downloadable and...
High | Unreviewed | CVE-2020-24396 was published May 24, 2022

Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an...
High | Unreviewed | CVE-2020-8259 was published May 24, 2022

In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to...
High | Unreviewed | CVE-2022-31205 was published Jul 27, 2022

A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it...
High | Unreviewed | CVE-2020-8183 was published May 24, 2022

On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices,...
High | Unreviewed | CVE-2022-28371 was published Jul 15, 2022

Implemented protections on AWS credentials that were not properly protected.
High | Unreviewed | CVE-2022-22998 was published Jul 13, 2022

Insufficiently protected credentials in the Intel(R) Datacenter Group Event iOS application, all...
High | Unreviewed | CVE-2022-30296 was published Aug 19, 2022

Insufficiently Protected Credentials in PowerJob
High | CVE-2020-28865 was published for com.github.kfcfans:powerjob (Maven) Jun 17, 2022

Insufficiently protected credentials in the installation binaries for Intel(R) SEAPI in all...
High | Unreviewed | CVE-2022-26844 was published Aug 19, 2022

The Scheduler Connection component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO...
High | Unreviewed | CVE-2021-35495 was published May 24, 2022

In Jeedom through 4.1.19, a bug allows a remote attacker to bypass API access and retrieve users...
High | Unreviewed | CVE-2021-42557 was published May 24, 2022

On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before the DM-XIO/1-0-3-802 patch,...
High | Unreviewed | CVE-2020-16839 was published May 24, 2022

Specific BD Pyxis™ products were installed with default credentials and may presently still...
High | Unreviewed | CVE-2022-22767 was published Jun 3, 2022

Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3...
High | Unreviewed | CVE-2022-22396 was published Jun 7, 2022

An issue was discovered in SolarWinds Serv-U before 15.2.2. Unauthenticated attackers can...
High | Unreviewed | CVE-2021-3154 was published May 24, 2022

DEPSTECH WiFi Digital Microscope 3 allows remote attackers to change the SSID and password, and...
High | Unreviewed | CVE-2020-12734 was published May 24, 2022

IBM Guardium Data Encryption (GDE) 4.0.0.4 uses an inadequate account lockout setting that could...
High | Unreviewed | CVE-2021-20415 was published May 24, 2022