GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,087
Composer 4,324
Erlang 31
GitHub Actions 21
Go 2,086
Maven 5,251
npm 3,747
NuGet 674
pip 3,436
Pub 12
RubyGems 892
Rust 881
Swift 37

Unreviewed advisories

All unreviewed 241,563

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

298 advisories

Filter by severity

Sort by

Least recently updated

HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network... High Unreviewed

CVE-2024-29071 was published Mar 25, 2024

Siklu TG Terragraph devices before 2.1.1 allow attackers to discover valid, randomly generated... High Unreviewed

CVE-2022-47037 was published Mar 18, 2024

CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized... High Unreviewed

CVE-2023-27975 was published Feb 14, 2024

Networker 19.9 and all prior versions contains a Plain-text Password stored in temporary config... High Unreviewed

CVE-2024-22432 was published Jan 25, 2024

The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords,... High Unreviewed

CVE-2023-6421 was published Jan 1, 2024

Exposure of Proxy Administrator Credentials An authenticated administrator equivalent Filr user... High Unreviewed

CVE-2023-32268 was published Dec 6, 2023

A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text... High Unreviewed

CVE-2023-6254 was published Nov 27, 2023

RVTools, Version 3.9.2 and above, contain a sensitive data exposure vulnerability in the... High Unreviewed

CVE-2023-44303 was published Nov 24, 2023

Incorrect access control in writercms v1.1.0 allows attackers to directly obtain backend account... High Unreviewed

CVE-2023-43905 was published Oct 26, 2023

A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers... High Unreviewed

CVE-2023-5552 was published Oct 18, 2023

BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to... High Unreviewed

CVE-2022-44757 was published Oct 11, 2023

When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are... High Unreviewed

CVE-2023-43634 was published Sep 21, 2023

On boot, the Pillar eve container checks for the existence and content of “/config... High Unreviewed

CVE-2023-43631 was published Sep 21, 2023

On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig... High Unreviewed

CVE-2023-43633 was published Sep 21, 2023

PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was... High Unreviewed

CVE-2023-43630 was published Sep 20, 2023

NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient... High Unreviewed

CVE-2023-25532 was published Sep 20, 2023

Plaintext Storage of a Password vulnerability in Infodrom Software E-Invoice Approval System... High Unreviewed

CVE-2023-35067 was published Jul 25, 2023

An issue found in DERICIA Co. Ltd, DELICIA v.13.6.1 allows a remote attacker to gain access to... High Unreviewed

CVE-2023-31824 was published Jul 13, 2023

An issue was discovered in cmseasy v7.0.0 that allows user credentials to be sent in clear text... High Unreviewed

CVE-2020-18406 was published Jun 27, 2023

The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password... High Unreviewed

CVE-2022-47376 was published Jun 13, 2023

The local Vuforia web application does not support HTTPS, and federated credentials are passed... High Unreviewed

CVE-2023-29168 was published Jun 8, 2023

IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it... High Unreviewed

CVE-2023-22862 was published Jun 5, 2023

After downloading a Windows <code>.scf</code> script from the local filesystem, an attacker could... High Unreviewed

CVE-2023-25740 was published Jun 2, 2023

In WFTPD 3.25, usernames and password hashes are stored in an openly viewable wftpd.ini... High Unreviewed

CVE-2023-33263 was published May 25, 2023

Milesight NCR/camera version 71.8.0.6-r5 exposes credentials through an unspecified request. ... High Unreviewed

CVE-2023-24506 was published May 8, 2023

Previous 1 2 3 4 5 … 11 12 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

298 advisories