GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
157 advisories
Mida eFramework through 2.9.0 has a back door that permits a change of the administrative...
Critical | Unreviewed | CVE-2020-15921 was published May 24, 2022
All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have encryption problems...
Critical | Unreviewed | CVE-2019-3431 was published May 24, 2022
An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU...
Critical | Unreviewed | CVE-2019-14929 was published May 24, 2022
Dynacolor FCM-MB40 v1.2.0.0 use /etc/appWeb/appweb.pass to store administrative web-interface...
Critical | Unreviewed | CVE-2019-13400 was published May 24, 2022
LemonLDAP::NG -2.0.3 has Incorrect Access Control.
Critical | Unreviewed | CVE-2019-12046 was published May 24, 2022
CloudBees Jenkins Operations Center 2.150.2.3, when an expired trial license exists, allows...
Critical | Unreviewed | CVE-2019-11350 was published May 24, 2022
** UNSUPPORTED WHEN ASSIGNED ** The firmware of the PLANET Technology Corp NVR-915 and NVR-1615...
Critical | Unreviewed | CVE-2020-26097 was published May 24, 2022
Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command...
Critical | Unreviewed | CVE-2024-21815 was published Mar 5, 2024
An issue was discovered in Fresenius Kabi PharmaHelp 5.1.759.0 allows attackers to gain escalated...
Critical | Unreviewed | CVE-2022-45611 was published Aug 22, 2023
Potential leak of authentication data to 3rd parties
Critical | CVE-2023-30846 was published for typed-rest-client (npm) Apr 27, 2023
Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021.
Critical | Unreviewed | CVE-2021-30116 was published May 24, 2022
An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3...
Critical | Unreviewed | CVE-2022-28005 was published May 7, 2022
patrickfuller camp up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 is...
Critical | Unreviewed | CVE-2022-37109 was published Nov 15, 2022
The HTTP client in the Build tool in Gradle before 5.6 sends authentication credentials...
Critical | Unreviewed | CVE-2019-15052 was published May 24, 2022
Aztech WMB250AC Mesh Routers Firmware Version 016 2020 is vulnerable to PHP Type Juggling in file...
Critical | Unreviewed | CVE-2022-45599 was published Feb 23, 2023
A Credentials Management CWE-255 vulnerability exists in the APC UPS Network Management Card 2...
Critical | Unreviewed | CVE-2018-7820 was published May 24, 2022
Ricoh mp_c4504ex devices with firmware 1.06 mishandle credentials.
Critical | Unreviewed | CVE-2022-43969 was published Feb 16, 2023
A security regression of CVE-2019-9636 was discovered in python since commit...
Critical | Unreviewed | CVE-2019-10160 was published May 24, 2022
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in...
Critical | Unreviewed | CVE-2022-32520 was published Jan 31, 2023
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in...
Critical | Unreviewed | CVE-2022-32518 was published Jan 31, 2023
A CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in...
Critical | Unreviewed | CVE-2022-32519 was published Jan 31, 2023
COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1...
Critical | Unreviewed | CVE-2022-47697 was published Jan 31, 2023
An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files...
Critical | Unreviewed | CVE-2021-37401 was published Dec 29, 2021
An attacker may obtain the user credentials from the communication between the PLC and the...
Critical | Unreviewed | CVE-2021-37400 was published Dec 29, 2021
The login interface on TNLSoftSolutions Sentry Vision 3.x devices provides password disclosure by...
Critical | Unreviewed | CVE-2018-9031 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API.