Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

292 advisories

Loading
Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password... High Unreviewed
CVE-2018-11079 was published May 13, 2022
A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1... High Unreviewed
CVE-2018-1139 was published May 13, 2022
IBM Security Guardium EcoSystem 10.5 stores user credentials in plain in clear text which can be... High Unreviewed
CVE-2018-1498 was published May 13, 2022
ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to... High Unreviewed
CVE-2018-1074 was published May 13, 2022
In ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be... High Unreviewed
CVE-2017-7510 was published May 13, 2022
An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The SMTP... High Unreviewed
CVE-2019-9868 was published May 13, 2022
An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The... High Unreviewed
CVE-2019-9867 was published May 13, 2022
Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading... High Unreviewed
CVE-2019-7300 was published May 13, 2022
** DISPUTED ** Kentico v10.0.42 allows Global Administrators to read the cleartext SMTP Password... High Unreviewed
CVE-2019-6242 was published May 13, 2022
A plaintext password vulnerability in the Zyxel NAS 326 through 5.21 allows an elevated... High Unreviewed
CVE-2019-10630 was published May 13, 2022
The PureVPN client before 6.1.0 for Windows stores Login Credentials (username and password) in... High Unreviewed
CVE-2018-18656 was published May 13, 2022
Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain... High Unreviewed
CVE-2018-17500 was published May 13, 2022
A vulnerability in the web-based management interface of Cisco Unified Communications Manager... High Unreviewed
CVE-2018-0474 was published May 13, 2022
An attacker could retrieve plain-text credentials stored in a XML file on PR100088 Modbus gateway... High Unreviewed
CVE-2019-6549 was published May 13, 2022
Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication... High Unreviewed
CVE-2019-3782 was published May 13, 2022
Cloud Foundry Container Runtime, versions prior to 0.28.0, deploys K8s worker nodes that contains... High Unreviewed
CVE-2019-3780 was published May 13, 2022
When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as... High Unreviewed
CVE-2019-0035 was published May 13, 2022
In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session... High Unreviewed
CVE-2018-20781 was published May 13, 2022
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to... High Unreviewed
CVE-2017-9557 was published May 13, 2022
Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and... High Unreviewed
CVE-2018-13822 was published May 13, 2022
An exploitable clear text transmission of password vulnerability exists in the web server and... High Unreviewed
CVE-2017-12123 was published May 13, 2022
profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of... High Unreviewed
CVE-2007-0681 was published May 1, 2022
admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to bypass authentication by... High Unreviewed
CVE-2005-3435 was published May 1, 2022
CGI Script Center News Update 1.1 does not properly validate the original news administration... High Unreviewed
CVE-2000-0944 was published Apr 30, 2022
Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access... High Unreviewed
CVE-1999-0013 was published Apr 30, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database