GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
349 advisories
A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers...
High | Unreviewed | CVE-2023-5552 was published Oct 18, 2023

BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to...
High | Unreviewed | CVE-2022-44757 was published Oct 11, 2023

On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig...
High | Unreviewed | CVE-2023-43633 was published Sep 21, 2023

When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are...
High | Unreviewed | CVE-2023-43634 was published Sep 21, 2023

On boot, the Pillar eve container checks for the existence and content of “/config...
High | Unreviewed | CVE-2023-43631 was published Sep 21, 2023

PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was...
High | Unreviewed | CVE-2023-43630 was published Sep 20, 2023

NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient...
High | Unreviewed | CVE-2023-25532 was published Sep 20, 2023

Plaintext Storage of a Password vulnerability in Infodrom Software E-Invoice Approval System...
High | Unreviewed | CVE-2023-35067 was published Jul 25, 2023

An issue was discovered in cmseasy v7.0.0 that allows user credentials to be sent in clear text...
High | Unreviewed | CVE-2020-18406 was published Jun 27, 2023

The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password...
High | Unreviewed | CVE-2022-47376 was published Jun 13, 2023

The local Vuforia web application does not support HTTPS, and federated credentials are passed...
High | Unreviewed | CVE-2023-29168 was published Jun 8, 2023

In WFTPD 3.25, usernames and password hashes are stored in an openly viewable wftpd.ini...
High | Unreviewed | CVE-2023-33263 was published May 25, 2023

Milesight NCR/camera version 71.8.0.6-r5 exposes credentials through an unspecified request. ...
High | Unreviewed | CVE-2023-24506 was published May 8, 2023

Plaintext Password in Registry vulnerability in 42gears surelock windows surelockwinsetupv2.40...
High | Unreviewed | CVE-2023-2335 was published Apr 27, 2023

Sangoma FreePBX 1805 through 2302 (when obtained as a .ISO file) places AMPDBUSER, AMPDBPASS,...
High | Unreviewed | CVE-2023-26567 was published Apr 26, 2023

An HPE OneView appliance dump may expose SAN switch administrative credentials
High | Unreviewed | CVE-2023-28088 was published Apr 25, 2023

Ribose RNP before 0.15.1 does not implement a required step in a cryptographic algorithm,...
High | Unreviewed | CVE-2021-33589 was published Apr 21, 2023

Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows...
High | Unreviewed | CVE-2023-25760 was published Apr 19, 2023

Plaintext Storage of a Password vulnerability in Secomea GateManager (USB wizard) allows...
High | Unreviewed | CVE-2022-4308 was published Apr 19, 2023

In Unisys Stealth (core) before 6.0.025.0, the Keycloak password is stored in a recoverable...
High | Unreviewed | CVE-2021-3141 was published May 24, 2022

An Information Disclosure issue in Verodin Director 3.5.3.1 and earlier reveals usernames and...
High | Unreviewed | CVE-2019-10716 was published May 24, 2022

An issue was discovered in TeamViewer 14.2.2558. Updating the product as a non-administrative...
High | Unreviewed | CVE-2019-11769 was published May 24, 2022

In Knowage through 6.1.1, an authenticated user who accesses the datasources page will gain...
High | Unreviewed | CVE-2019-13348 was published May 24, 2022

Zebra Industrial Printers All Versions, Zebra printers are shipped with unrestricted end-user...
High | Unreviewed | CVE-2019-10960 was published May 24, 2022

CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to...
High | Unreviewed | CVE-2019-3800 was published May 24, 2022