GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
349 advisories
Filter by severity
Information disclosure through error object in auth0.js
High
CVE-2020-5263
was published
for
auth0-js
(npm)
Apr 10, 2020
Under some circumstances an Insufficiently Protected Credentials vulnerability in Johnson...
High
Unreviewed
CVE-2021-36204
was published
Jan 13, 2023
An issue has been discovered in GitLab affecting all versions starting from 14.6 before 14.6.5,...
High
Unreviewed
CVE-2022-0738
was published
Mar 29, 2022
There is a Credentials Management Errors vulnerability in Huawei Smartphone.Successful...
High
Unreviewed
CVE-2021-37075
was published
Dec 9, 2021
The Archer RSS feed integration for Archer 6.x through 6.9 SP1 (6.9.1.0) is affected by an...
High
Unreviewed
CVE-2022-26948
was published
Mar 31, 2022
Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose...
High
Unreviewed
CVE-2022-1026
was published
Apr 5, 2022
Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on...
High
Unreviewed
CVE-2022-24978
was published
Apr 6, 2022
The programming protocol allows for a previously entered password and lock state to be read by an...
High
Unreviewed
CVE-2021-32978
was published
Apr 5, 2022
Philips Vue PACS versions 12.2.x.x and prior transmits or stores authentication credentials, but...
High
Unreviewed
CVE-2021-33024
was published
Apr 3, 2022
Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive information in plaintext. All...
High
Unreviewed
CVE-2021-45077
was published
Dec 31, 2021
Netgear RAX43 version 1.0.3.96 does not have sufficient protections to the UART interface. A...
High
Unreviewed
CVE-2021-20168
was published
Dec 31, 2021
Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701,...
High
Unreviewed
CVE-2022-29457
was published
Apr 19, 2022
Dell EMC Repository Manager version 3.4.0 contains a plain-text password storage vulnerability. A...
High
Unreviewed
CVE-2022-26856
was published
Apr 22, 2022
In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin.
High
CVE-2021-45457
was published
for
org.apache.kylin:kylin
(Maven)
Jan 8, 2022
AWS CodeDeploy Plugin stored AWS Secret Key in plain text
High
CVE-2018-1000403
was published
for
com.amazonaws:codedeploy
(Maven)
May 13, 2022
The Web server in 1C:Enterprise 8 before 8.3.17.1851 sends base64 encoded credentials in the...
High
Unreviewed
CVE-2021-3131
was published
May 24, 2022
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain...
High
Unreviewed
CVE-2020-35455
was published
May 24, 2022
There is a Credentials Management Errors Vulnerability in Huawei Smartphone. Successful...
High
Unreviewed
CVE-2021-22351
was published
May 24, 2022
There is a Credentials Management Errors vulnerability in Huawei Smartphone. Successful...
High
Unreviewed
CVE-2021-22324
was published
May 24, 2022
The D-Link router DIR-880L 1.07 is vulnerable to credentials disclosure in telnet service through...
High
Unreviewed
CVE-2020-29322
was published
May 24, 2022
The D-link router DIR-885L-MFC 1.15b02, v1.21b05 is vulnerable to credentials disclosure in...
High
Unreviewed
CVE-2020-29323
was published
May 24, 2022
There is a Credentials Management Errors Vulnerability in Huawei Smartphone. Successful...
High
Unreviewed
CVE-2021-22370
was published
May 24, 2022
A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows...
High
Unreviewed
CVE-2020-35580
was published
May 24, 2022
The D-Link router DIR-868L 3.01 is vulnerable to credentials disclosure in telnet service through...
High
Unreviewed
CVE-2020-29321
was published
May 24, 2022
IBM Guardium Data Encryption (GDE) 4.0.0.4 uses an inadequate account lockout setting that could...
High
Unreviewed
CVE-2021-20415
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API