GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
530 advisories
there is a possible use of unencrypted transport over cellular networks due to an insecure...
High, Unreviewed. CVE-2023-21220 was published Jun 28, 2023

A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to...
High, Unreviewed. CVE-2023-31410 was published Jun 19, 2023

SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File...
High, Unreviewed. CVE-2023-23841 was published Jun 16, 2023

ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 uses sensitive cookies without...
Moderate, Unreviewed. CVE-2023-31195 was published Jun 13, 2023

A cleartext transmission of sensitive information vulnerability [CWE-319] in Fortinet FortiOS...
Moderate, Unreviewed. CVE-2022-41327 was published Jun 13, 2023

Atlas Copco Power Focus 6000 web server is not a secure connection by default, which could allow...
High, Unreviewed. CVE-2023-1899 was published Jun 12, 2023

IBM Maximo Application Suite - Manage Component 8.8.0 and 8.9.0 transmits sensitive information...
Moderate, Unreviewed. CVE-2023-27861 was published Jun 5, 2023

Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan...
Critical, Unreviewed. CVE-2023-33730 was published May 31, 2023

An issue was discovered in Faronics Insight 10.0.19045 on Windows. A suitably positioned attacker...
High, Unreviewed. CVE-2023-28348 was published May 31, 2023

html inputs of type password recorded in plaintext when converted to text inputs
Moderate. CVE-2023-33187 was published for highlight.run (npm) May 26, 2023

Snap One OvrC Pro versions prior to 7.3 use HTTP connections when downloading a...
High, Unreviewed. CVE-2023-31193 was published May 22, 2023

A CWE-319: Cleartext transmission of sensitive information vulnerability exists that could cause...
Critical, Unreviewed. CVE-2022-46680 was published May 22, 2023

Cleartext Transmission of Sensitive Information vulnerability in ABB Terra AC wallbox (UL40/80A),...
Moderate, Unreviewed. CVE-2023-0864 was published May 17, 2023

In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory...
High, Unreviewed. CVE-2023-32784 was published May 15, 2023

Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 does not defend against physical...
Critical, Unreviewed. CVE-2023-30354 was published May 10, 2023

Cleartext transmission of sensitive information exists in SkyBridge MB-A100/110 firmware Ver. 4.2...
Moderate, Unreviewed. CVE-2023-25070 was published May 10, 2023

Cleartext Transmission in cookie:ecos_pw: in Tenda N301 v6.0, firmware v12.03.01.06_pt allows an...
Moderate, Unreviewed. CVE-2023-29681 was published May 2, 2023

Cleartext Transmission in set-cookie:ecos_pw: Tenda N301 v6.0, Firmware v12.02.01.61_multi allows...
Moderate, Unreviewed. CVE-2023-29680 was published May 2, 2023

An issue was discovered in vTech VCS754 version 1.1.1.A before 1.1.1.H, allows attackers to gain...
High, Unreviewed. CVE-2023-25437 was published Apr 27, 2023

Ironic and ironic-inspector may expose as ConfigMaps
Moderate. CVE-2023-30841 was published for github.com/metal3-io/baremetal-operator (Go) Apr 26, 2023

An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0...
Moderate, Unreviewed. CVE-2019-14942 was published Apr 16, 2023

Jenkins Thycotic DevOps Secrets Vault Plugin does not properly mask credentials
Moderate. CVE-2023-30515 was published for io.jenkins.plugins:thycotic-devops-secrets-vault (Maven) Apr 12, 2023

Jenkins Kubernetes Plugin does not properly mask credentials
Moderate. CVE-2023-30513 was published for org.csanchez.jenkins.plugins:kubernetes (Maven) Apr 12, 2023

Jenkins Azure Key Vault Plugin does not properly mask credentials
Moderate. CVE-2023-30514 was published for org.jenkins-ci.plugins:azure-keyvault (Maven) Apr 12, 2023

In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials...
High, Unreviewed. CVE-2023-1802 was published Apr 6, 2023