Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,293
Erlang
31
GitHub Actions
21
Go
2,061
Maven
5,000+
npm
3,744
NuGet
668
pip
3,423
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

349 advisories

Loading
IBM Security Guardium EcoSystem 10.5 stores user credentials in plain in clear text which can be... High Unreviewed
CVE-2018-1498 was published May 13, 2022
An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The... High Unreviewed
CVE-2019-9867 was published May 13, 2022
An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The SMTP... High Unreviewed
CVE-2019-9868 was published May 13, 2022
Allegro WIndows 3.3.4152.0, embeds software administrator database credentials into its binary... High Unreviewed
CVE-2021-43978 was published Dec 9, 2021
In freeradius, the EAP-PWD function compute_password_element() leaks information about the... High Unreviewed
CVE-2022-41859 was published Jan 17, 2023
Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading... High Unreviewed
CVE-2019-7300 was published May 13, 2022
** DISPUTED ** Kentico v10.0.42 allows Global Administrators to read the cleartext SMTP Password... High Unreviewed
CVE-2019-6242 was published May 13, 2022
A plaintext password vulnerability in the Zyxel NAS 326 through 5.21 allows an elevated... High Unreviewed
CVE-2019-10630 was published May 13, 2022
Basic-auth app bundle credential exposure in gatsby-source-wordpress High
CVE-2021-32770 was published for gatsby-source-wordpress (npm) Jul 19, 2021
The PureVPN client before 6.1.0 for Windows stores Login Credentials (username and password) in... High Unreviewed
CVE-2018-18656 was published May 13, 2022
Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain... High Unreviewed
CVE-2018-17500 was published May 13, 2022
Improper permission handling in Apache Solr High
CVE-2021-29262 was published for org.apache.solr:solr-core (Maven) May 10, 2021
A vulnerability in the web-based management interface of Cisco Unified Communications Manager... High Unreviewed
CVE-2018-0474 was published May 13, 2022
An attacker could retrieve plain-text credentials stored in a XML file on PR100088 Modbus gateway... High Unreviewed
CVE-2019-6549 was published May 13, 2022
Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication... High Unreviewed
CVE-2019-3782 was published May 13, 2022
Cloud Foundry Container Runtime, versions prior to 0.28.0, deploys K8s worker nodes that contains... High Unreviewed
CVE-2019-3780 was published May 13, 2022
When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as... High Unreviewed
CVE-2019-0035 was published May 13, 2022
In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session... High Unreviewed
CVE-2018-20781 was published May 13, 2022
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to... High Unreviewed
CVE-2017-9557 was published May 13, 2022
Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and... High Unreviewed
CVE-2018-13822 was published May 13, 2022
Private key leak in Apache CXF High
CVE-2019-12423 was published for org.apache.cxf:apache-cxf (Maven) May 22, 2020
Insufficient Nonce Validation in Eclipse Milo Client High
CVE-2019-19135 was published for org.eclipse.milo:sdk-client (Maven) Mar 16, 2020
Insufficiently Protected Credentials in Apache Tomcat High
CVE-2019-12418 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Dec 26, 2019
Insufficiently Protected Credentials in Pivotal Reactor Netty High
CVE-2019-11284 was published for io.projectreactor.netty:reactor-netty (Maven) Oct 23, 2019
User credentials stored in a recoverable format within Fidelis Network and Deception CommandPost.... High Unreviewed
CVE-2021-35050 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database