Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

531 advisories

Loading
IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to... Moderate Unreviewed
CVE-2020-4497 was published Dec 15, 2022
The login password of the web administrative dashboard in Arcadyan Wifi routers VRV9506JAC23 is... Moderate Unreviewed
CVE-2020-9420 was published Dec 14, 2022
A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software... Critical Unreviewed
CVE-2022-43724 was published Dec 13, 2022
Jenkins Gitea Plugin vulnerable to Cleartext Transmission of Sensitive Information Moderate
CVE-2022-46685 was published for org.jenkins-ci.plugins:gitea (Maven) Dec 12, 2022
phpMyFAQ has insecure HTTP cookies High
CVE-2022-4409 was published for thorsten/phpmyfaq (Composer) Dec 11, 2022
OpenHarmony-v3.1.4 and prior versions had an vulnerability. PIN code is transmitted to the peer... Moderate Unreviewed
CVE-2022-45877 was published Dec 8, 2022
In certain Secustation products the administrator account password can be read. This affects V2.5... Moderate Unreviewed
CVE-2022-40939 was published Dec 8, 2022
Telepad allows an attacker (in a man-in-the-middle position between the server and a connected... Moderate Unreviewed
CVE-2022-45478 was published Dec 5, 2022
PC Keyboard WiFi & Bluetooth allows an attacker (in a man-in-the-middle position between the... Moderate Unreviewed
CVE-2022-45480 was published Dec 2, 2022
Lazy Mouse allows an attacker (in a man in the middle position between the server and a connected... Moderate Unreviewed
CVE-2022-45483 was published Dec 2, 2022
Web Based Quiz System v1.0 transmits user passwords in plaintext during the authentication... High Unreviewed
CVE-2022-44411 was published Nov 25, 2022
The application fails to prevent users from connecting to it over unencrypted connections. An... Moderate Unreviewed
CVE-2021-35246 was published Nov 23, 2022
Concrete CMS vulnerable to Cleartext Transmission of Sensitive Information Moderate
CVE-2022-43691 was published for concrete5/concrete5 (Composer) Nov 15, 2022
Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to plain-text... Moderate Unreviewed
CVE-2021-38828 was published Nov 14, 2022
UPSMON PRO transmits sensitive data in cleartext over HTTP protocol. An unauthenticated remote... High Unreviewed
CVE-2022-38122 was published Nov 10, 2022
Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic... Critical Unreviewed
CVE-2022-33321 was published Nov 9, 2022
"IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information... Moderate Unreviewed
CVE-2022-38710 was published Nov 4, 2022
"IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in... Moderate Unreviewed
CVE-2021-39077 was published Nov 4, 2022
Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25... High Unreviewed
CVE-2021-45447 was published Nov 2, 2022
In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using... High Unreviewed
CVE-2022-42916 was published Oct 29, 2022
Communication traffic involving "Ethernet Q Commands" service of Haas Controller version 100.20... High Unreviewed
CVE-2022-41636 was published Oct 28, 2022
Free5gc v3.2.1 is vulnerable to Information disclosure. Low Unreviewed
CVE-2022-38870 was published Oct 25, 2022
On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7,... Low Unreviewed
CVE-2022-41983 was published Oct 20, 2022
The Passster WordPress plugin before 3.5.5.5.2 stores the password inside a cookie named ... Moderate Unreviewed
CVE-2022-3206 was published Oct 17, 2022
tiny-csrf has openly visible CSRF tokens High
CVE-2022-39287 was published for tiny-csrf (npm) Oct 7, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database