Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,051 advisories

Loading
Jenkins Serena SRA Deploy Plugin stores credentials in plain text Low
CVE-2019-10296 was published for com.urbancode.ds.jenkins.plugins:sra-deploy (Maven) May 13, 2022
Jenkins Kmap Plugin stores credentials in plain text High
CVE-2019-10294 was published for org.jenkins-ci.plugins:kmap-jenkins (Maven) May 13, 2022
Jenkins StarTeam Plugin stores credentials in plain text High
CVE-2019-10277 was published for hudson.plugins:starteam (Maven) May 13, 2022
Jenkins Assembla Auth Plugin stores credentials in plain text High
CVE-2019-10280 was published for org.jenkins-ci.plugins:assembla-auth (Maven) May 13, 2022
An attacker could retrieve plain-text credentials stored in a XML file on PR100088 Modbus gateway... High Unreviewed
CVE-2019-6549 was published May 13, 2022
Users with Site-level permissions can access files containing the username-encrypted passwords of... Moderate Unreviewed
CVE-2019-5615 was published May 13, 2022
Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication... High Unreviewed
CVE-2019-3782 was published May 13, 2022
Cloud Foundry Container Runtime, versions prior to 0.28.0, deploys K8s worker nodes that contains... High Unreviewed
CVE-2019-3780 was published May 13, 2022
Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) and the IM & Presence Service... Low Unreviewed
CVE-2013-4869 was published May 13, 2022
In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM... Critical Unreviewed
CVE-2018-11746 was published May 13, 2022
When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as... High Unreviewed
CVE-2019-0035 was published May 13, 2022
In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session... High Unreviewed
CVE-2018-20781 was published May 13, 2022
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to... High Unreviewed
CVE-2017-9557 was published May 13, 2022
Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products... Low Unreviewed
CVE-2012-3268 was published May 13, 2022
Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and... High Unreviewed
CVE-2018-13822 was published May 13, 2022
D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote... Critical Unreviewed
CVE-2018-20445 was published May 13, 2022
The installation process in IBM Security AppScan Enterprise 8.x before 8.6.0.2 iFix 003, 8.7.x... Moderate Unreviewed
CVE-2014-4806 was published May 13, 2022
Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in... Critical Unreviewed
CVE-2017-13771 was published May 13, 2022
ownCloud iOS app before 3.4.4 does not properly switch state between multiple instances, which... Moderate Unreviewed
CVE-2015-5955 was published May 13, 2022
NEC Univerge Sv9100 WebPro 6.00.00 devices have Cleartext Password Storage in the Web UI. Critical Unreviewed
CVE-2018-11742 was published May 13, 2022
ARRIS DG950A 7.10.145 and DG950S 7.10.145.EURO devices allow remote attackers to discover... Critical Unreviewed
CVE-2018-20383 was published May 13, 2022
ARRIS SBG6580-2 D30GW-SEAEAGLE-1.5.2.5-GA-00-NOSH devices allow remote attackers to discover... Critical Unreviewed
CVE-2018-20386 was published May 13, 2022
The IBM Security Access Manager appliance includes configuration files that contain obfuscated... Moderate Unreviewed
CVE-2015-5013 was published May 13, 2022
Schneider Electric StruxureWare Building Expert MPM before 2.15 does not use encryption for the... Moderate Unreviewed
CVE-2015-3962 was published May 13, 2022
An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs... Critical Unreviewed
CVE-2017-6028 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database