GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,050 advisories
Filter by severity
Plaintext Storage of a Password vulnerability in Infodrom Software E-Invoice Approval System...
High
Unreviewed
CVE-2023-35067
was published
Jul 25, 2023
Weave GitOps Terraform Controller Information Disclosure Vulnerability
High
CVE-2023-34236
was published
for
github.com/weaveworks/tf-controller
(Go)
Jul 14, 2023
An issue found in DERICIA Co. Ltd, DELICIA v.13.6.1 allows a remote attacker to gain access to...
High
Unreviewed
CVE-2023-31824
was published
Jul 13, 2023
Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file....
Critical
Unreviewed
CVE-2023-34128
was published
Jul 13, 2023
Jenkins mabl Plugin vulnerable to exposure of system-scooped credentials
Moderate
CVE-2023-37951
was published
for
com.mabl.integration.jenkins:mabl-integration
(Maven)
Jul 12, 2023
An issue was discovered in Keeper Password Manager for Desktop version 16.10.2, and the...
Moderate
Unreviewed
CVE-2023-36266
was published
Jul 12, 2023
HPE OneView for VMware vCenter, in certain circumstances, may disclose the “HPE OneView” Username...
Moderate
Unreviewed
CVE-2022-37935
was published
Jul 6, 2023
The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security...
Critical
Unreviewed
CVE-2022-4693
was published
Jul 6, 2023
Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve...
Moderate
Unreviewed
CVE-2022-28291
was published
Jul 6, 2023
An issue was discovered in cmseasy v7.0.0 that allows user credentials to be sent in clear text...
High
Unreviewed
CVE-2020-18406
was published
Jun 27, 2023
An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ...
Moderate
Unreviewed
CVE-2023-35789
was published
Jun 16, 2023
The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password...
High
Unreviewed
CVE-2022-47376
was published
Jun 13, 2023
GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its communications which...
Moderate
Unreviewed
CVE-2023-33620
was published
Jun 13, 2023
A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all...
Critical
Unreviewed
CVE-2023-26204
was published
Jun 13, 2023
The local Vuforia web application does not support HTTPS, and federated credentials are passed...
High
Unreviewed
CVE-2023-29168
was published
Jun 8, 2023
The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build...
Moderate
Unreviewed
CVE-2023-27126
was published
Jun 6, 2023
IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it...
High
Unreviewed
CVE-2023-22862
was published
Jun 5, 2023
Avaya IX Workforce Engagement v15.2.7.1195 - CWE-522: Insufficiently Protected Credentials
Moderate
Unreviewed
CVE-2023-31187
was published
May 30, 2023
In WFTPD 3.25, usernames and password hashes are stored in an openly viewable wftpd.ini...
High
Unreviewed
CVE-2023-33263
was published
May 25, 2023
Pimcore customers' list user password hash is disclosed
Moderate
CVE-2023-2881
was published
for
pimcore/customer-management-framework-bundle
(Composer)
May 25, 2023
Hazelcast vulnerable to unmasked password exposure
Moderate
CVE-2023-33264
was published
for
com.hazelcast:hazelcast
(Maven)
May 22, 2023
Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13),IJ Network Tool...
Moderate
Unreviewed
CVE-2023-1763
was published
May 17, 2023
Jenkins NS-ND Integration Performance Publisher Plugin displays credentials without masking
Low
CVE-2023-33000
was published
for
io.jenkins.plugins:cavisson-ns-nd-integration
(Maven)
May 16, 2023
Jenkins Code Dx Plugin displays API keys in plain text
Moderate
CVE-2023-2633
was published
for
org.jenkins-ci.plugins:codedx
(Maven)
May 16, 2023
Jenkins Code Dx Plugin stores API keys in plain text
Moderate
CVE-2023-2632
was published
for
org.jenkins-ci.plugins:codedx
(Maven)
May 16, 2023
ProTip!
Advisories are also available from the
GraphQL API