Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

28 advisories

Loading
Victure PC420 1.1.39 was discovered to contain a hardcoded root password which is stored in... High Unreviewed
CVE-2023-41610 was published Sep 18, 2024
A vulnerability in the storage method of the PON Controller configuration file could allow an... High Unreviewed
CVE-2024-20489 was published Sep 11, 2024
An issue in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physically proximate attacker to... High Unreviewed
CVE-2024-44815 was published Sep 10, 2024
The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords... High Unreviewed
CVE-2024-36460 was published Aug 12, 2024
Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec High
CVE-2024-22032 was published for github.com/rancher/rancher (Go) Jun 17, 2024
Coredump binaries in Toshiba printers have incorrect permissions. A local attacker can steal... High Unreviewed
CVE-2024-27166 was published Jun 14, 2024
Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions High Unreviewed
CVE-2022-0555 was published Jun 3, 2024
An issue in Debezium Community debezium-ui v.2.5 allows a local attacker to execute arbitrary... High Unreviewed
CVE-2024-28736 was published May 31, 2024
A flaw was found in how Quay's database is stored in plain-text in mirror-registry on the jinja's... High Unreviewed
CVE-2024-3624 was published Apr 25, 2024
A flaw was found when using mirror-registry to install Quay. It uses a default database secret... High Unreviewed
CVE-2024-3623 was published Apr 25, 2024
A flaw was found when using mirror-registry to install Quay. It uses a default secret, which is... High Unreviewed
CVE-2024-3622 was published Apr 25, 2024
A flaw was found in Quay, where Quay's database is stored in plain text in mirror-registry on... High Unreviewed
CVE-2024-3625 was published Apr 25, 2024
Plaintext Storage of a Password vulnerability in Mia Technology Inc. MİA-MED allows Read... High Unreviewed
CVE-2023-6518 was published Feb 8, 2024
Networker 19.9 and all prior versions contains a Plain-text Password stored in temporary config... High Unreviewed
CVE-2024-22432 was published Jan 25, 2024
** UNSUPPPORTED WHEN ASSIGNED ** The web application that owns the device clearly... High Unreviewed
CVE-2023-39452 was published Sep 18, 2023
A flaw was found in OpenStack. Multiple components show plain-text passwords in /var/log/messages... High Unreviewed
CVE-2022-3261 was published Sep 15, 2023
Keycloak vulnerable to Plaintext Storage of User Password High
CVE-2023-4918 was published for org.keycloak:keycloak-core (Maven) Sep 12, 2023
dasniko lme-atolcd
?Softneta MedDream PACS stores usernames and passwords in plaintext. The plaintext storage could... High Unreviewed
CVE-2023-39227 was published Sep 11, 2023
Plaintext Storage of a Password vulnerability in Infodrom Software E-Invoice Approval System... High Unreviewed
CVE-2023-35067 was published Jul 25, 2023
Plaintext Storage of a Password vulnerability in Secomea GateManager (USB wizard) allows... High Unreviewed
CVE-2022-4308 was published Apr 19, 2023
Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F... High Unreviewed
CVE-2023-0457 was published Mar 3, 2023
Plaintext storage of sensitive data in Rancher API and cluster.management.cattle.io objects High
CVE-2022-43757 was published for github.com/rancher/rancher (Go) Jan 25, 2023
The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords as plain text in its... High Unreviewed
CVE-2022-1794 was published Jul 12, 2022
Rundeck's Key Storage converter plugin mechanism's encryption layer not working in 4.2.0, 4.2.1, 4.3.0 High
CVE-2022-31044 was published for org.rundeck:rundeck (Maven) Jun 17, 2022
PowerStore contains Plain-Text Password Storage Vulnerability in PowerStore X & T environments... High Unreviewed
CVE-2022-22557 was published Jun 3, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database