GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,960
Composer 4,279
Erlang 31
GitHub Actions 21
Go 2,056
Maven 5,237
npm 3,740
NuGet 668
pip 3,421
Pub 12
RubyGems 891
Rust 873
Swift 36

Unreviewed advisories

All unreviewed 238,854

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

1,067 advisories

Filter by severity

Sort by

Least recently updated

Authentication Bypass in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical... Moderate Unreviewed

CVE-2024-31800 was published Aug 15, 2024

IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive... Moderate Unreviewed

CVE-2024-40704 was published Aug 15, 2024

A vulnerability, which was classified as problematic, has been found in SourceCodester Prison... Moderate Unreviewed

CVE-2024-7813 was published Aug 15, 2024

Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated... High Unreviewed

CVE-2024-39818 was published Aug 14, 2024

The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords... High Unreviewed

CVE-2024-36460 was published Aug 12, 2024

Apereo CAS vulnerable to credential leaks for LDAP authentication Moderate

CVE-2023-28857 was published for org.apereo.cas:cas-server-support-x509-core (Maven) Aug 5, 2024

A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub... Critical Unreviewed

CVE-2024-6118 was published Aug 5, 2024

The Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all... High Unreviewed

CVE-2024-7389 was published Aug 2, 2024

A “CWE-256: Plaintext Storage of a Password” affecting the administrative account allows an... Moderate Unreviewed

CVE-2024-3082 was published Jul 31, 2024

Exposure of Sensitive Information in edge browser session proxy feature in Devolutions Remote... High Unreviewed

CVE-2024-6492 was published Jul 16, 2024

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain... Moderate Unreviewed

CVE-2024-39733 was published Jul 14, 2024

The Avalara for Salesforce CPQ app before 7.0 for Salesforce allows attackers to read an API key.... High Unreviewed

CVE-2024-38453 was published Jul 3, 2024

The webserver utilizes basic authentication for its user login to the configuration interface. As... High Unreviewed

CVE-2023-41926 was published Jul 2, 2024

In JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile... Moderate Unreviewed

CVE-2024-39879 was published Jul 1, 2024

In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App... Moderate Unreviewed

CVE-2024-39878 was published Jul 1, 2024

In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site Moderate Unreviewed

CVE-2024-38505 was published Jun 18, 2024

HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header. This... Low Unreviewed

CVE-2024-30119 was published Jun 15, 2024

Utilizing default credentials, an attacker is able to log into the camera's operating system... Unknown Unreviewed

CVE-2024-38282 was published Jun 13, 2024

Logs storing credentials are insufficiently protected and can be decoded through the use of open... Unknown Unreviewed

CVE-2024-38285 was published Jun 13, 2024

IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by... Moderate Unreviewed

CVE-2024-25052 was published Jun 13, 2024

An issue was discovered in Kape CyberGhostVPN 8.4.3.12823 on Windows. After a successful logout,... Moderate Unreviewed

CVE-2024-26330 was published Jun 11, 2024

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions ... Moderate Unreviewed

CVE-2024-35208 was published Jun 11, 2024

Docker CLI leaks private registry credentials to registry-1.docker.io Moderate

CVE-2021-41092 was published for github.com/docker/cli (Go) Jun 10, 2024

GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1... Critical Unreviewed

CVE-2024-37051 was published Jun 10, 2024

Password hash exposed in CraftCMS two factor authentication plugin Low

CVE-2024-5657 was published for born05/craft-twofactorauthentication (Composer) Jun 6, 2024

Previous 1 2 3 4 5 … 42 43 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

1,067 advisories