GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,634
NuGet
638
pip
3,250
Pub
10
RubyGems
867
Rust
819
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
223 advisories
Filter by severity
Connectwise Automate 2022.11 is vulnerable to Cleartext authentication. Authentication is being...
Moderate
Unreviewed
CVE-2023-23130
was published
Feb 1, 2023
IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when...
Moderate
Unreviewed
CVE-2023-22863
was published
Jan 18, 2023
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version...
Moderate
Unreviewed
CVE-2023-22597
was published
Jan 13, 2023
IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to...
Moderate
Unreviewed
CVE-2020-4497
was published
Dec 15, 2022
The login password of the web administrative dashboard in Arcadyan Wifi routers VRV9506JAC23 is...
Moderate
Unreviewed
CVE-2020-9420
was published
Dec 14, 2022
OpenHarmony-v3.1.4 and prior versions had an vulnerability. PIN code is transmitted to the peer...
Moderate
Unreviewed
CVE-2022-45877
was published
Dec 8, 2022
In certain Secustation products the administrator account password can be read. This affects V2.5...
Moderate
Unreviewed
CVE-2022-40939
was published
Dec 8, 2022
Telepad allows an attacker (in a man-in-the-middle position between the server and a connected...
Moderate
Unreviewed
CVE-2022-45478
was published
Dec 5, 2022
PC Keyboard WiFi & Bluetooth allows an attacker (in a man-in-the-middle position between the...
Moderate
Unreviewed
CVE-2022-45480
was published
Dec 2, 2022
Lazy Mouse allows an attacker (in a man in the middle position between the server and a connected...
Moderate
Unreviewed
CVE-2022-45483
was published
Dec 2, 2022
The application fails to prevent users from connecting to it over unencrypted connections. An...
Moderate
Unreviewed
CVE-2021-35246
was published
Nov 23, 2022
Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to plain-text...
Moderate
Unreviewed
CVE-2021-38828
was published
Nov 14, 2022
"IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information...
Moderate
Unreviewed
CVE-2022-38710
was published
Nov 4, 2022
"IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in...
Moderate
Unreviewed
CVE-2021-39077
was published
Nov 4, 2022
The Passster WordPress plugin before 3.5.5.5.2 stores the password inside a cookie named ...
Moderate
Unreviewed
CVE-2022-3206
was published
Oct 17, 2022
A cleartext transmission of sensitive information exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5...
Moderate
Unreviewed
CVE-2022-32227
was published
Sep 25, 2022
EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain...
Moderate
Unreviewed
CVE-2022-38846
was published
Sep 17, 2022
The Trend Controls IC protocol through 2022-05-06 allows Cleartext Transmission of Sensitive...
Moderate
Unreviewed
CVE-2022-30312
was published
Sep 8, 2022
Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in...
Moderate
Unreviewed
CVE-2022-2338
was published
Aug 18, 2022
In Core Utilities, there is a possible log information disclosure. This could lead to local...
Moderate
Unreviewed
CVE-2022-20243
was published
Aug 12, 2022
Windows Defender Credential Guard Information Disclosure Vulnerability. This CVE ID is unique...
Moderate
Unreviewed
CVE-2022-34704
was published
Aug 10, 2022
Cleartext transmission of sensitive information vulnerability in authentication management in...
Moderate
Unreviewed
CVE-2022-27619
was published
Aug 4, 2022
The server in Citilog 8.0 allows an attacker (in a man in the middle position between the server...
Moderate
Unreviewed
CVE-2022-28861
was published
Jul 22, 2022
A vulnerability classified as problematic was found in Teleopti WFM up to 7.1.0. Affected by this...
Moderate
Unreviewed
CVE-2017-20109
was published
Jun 30, 2022
LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack...
Moderate
Unreviewed
CVE-2022-1524
was published
Jun 25, 2022
ProTip!
Advisories are also available from the
GraphQL API