Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

36 advisories

Loading
Hathway Skyworth Router CM5100-511 v4.1.1.24 was discovered to store sensitive information about... Low Unreviewed
CVE-2024-46383 was published Nov 15, 2024
Moodle has user information visibility control issues in gradebook reports Low
CVE-2024-43429 was published for moodle/moodle (Composer) Nov 11, 2024
The W3 Total Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in... Low Unreviewed
CVE-2023-5359 was published Sep 25, 2024
The OpenAI ChatGPT app before 2024-07-05 for macOS opts out of the sandbox, and stores... Low Unreviewed
CVE-2024-40594 was published Jul 6, 2024
NewPass before 1.2.0 stores passwords (rather than password hashes) directly, which makes it... Low Unreviewed
CVE-2024-39846 was published Jun 29, 2024
A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is stored in... Low Unreviewed
CVE-2024-28024 was published Jun 11, 2024
Password confirmation stored in plain text via registration form in statamic/cms Low
CVE-2024-36119 was published for statamic/cms (Composer) Jun 2, 2024
An issue was discovered in Teledyne FLIR M300 2.00-19. User account passwords are encrypted... Low Unreviewed
CVE-2023-46294 was published May 1, 2024
A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This... Low Unreviewed
CVE-2024-4235 was published Apr 26, 2024
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information... Low Unreviewed
CVE-2023-37396 was published Apr 19, 2024
Jenkins lambdatest-automation Plugin may expose Credentials access token Low
CVE-2023-46653 was published for org.jenkins-ci.plugins:lambdatest-automation (Maven) Oct 25, 2023
Sensitive information disclosure due to cleartext storage of sensitive information in memory. The... Low Unreviewed
CVE-2023-44153 was published Sep 27, 2023
matrix-synapse vulnerable to temporary storage of plaintext passwords during password changes Low
CVE-2023-41335 was published for matrix-synapse (pip) Sep 26, 2023
An information disclosure issue in GitLab EE affecting all versions from 16.2 prior to 16.2.5,... Low Unreviewed
CVE-2023-3950 was published Sep 1, 2023
A vulnerability was found in Control iD Gerencia Web 1.30 and classified as problematic. Affected... Low Unreviewed
CVE-2023-4392 was published Aug 17, 2023
A clear text storage of sensitive information (CWE-312) vulnerability in both FortiGate version 6... Low Unreviewed
CVE-2022-22302 was published Jul 11, 2023
A vulnerability has been found in Simple Design Daily Journal 1.012.GP.B on Android and... Low Unreviewed
CVE-2023-2863 was published May 24, 2023
Jenkins WSO2 Oauth Plugin does not mask the WSO2 Oauth client secret on the global configuration form Low
CVE-2023-30528 was published for org.jenkins-ci.plugins:wso2id-oauth (Maven) Apr 12, 2023
Jenkins WSO2 Oauth Plugin stores WSO2 Oauth client secret unencrypted in global config.xml file on Jenkins controller Low
CVE-2023-30527 was published for org.jenkins-ci.plugins:wso2id-oauth (Maven) Apr 12, 2023
An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in... Low Unreviewed
CVE-2023-23776 was published Mar 7, 2023
IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user credentials in plain in clear text... Low Unreviewed
CVE-2019-4566 was published May 24, 2022
An issue was discovered on Nescomed Multipara Monitor M1000 devices. The onboard Flash memory... Low Unreviewed
CVE-2020-15485 was published May 24, 2022
A CWE-316: Cleartext Storage of Sensitive Information in Memory vulnerability exists in Easergy... Low Unreviewed
CVE-2020-7516 was published May 24, 2022
BIOTRONIK CardioMessenger II, The affected products do not encrypt sensitive information while at... Low Unreviewed
CVE-2019-18254 was published May 24, 2022
Passwords stored in plain text by Jenkins Artifactory Plugin Low
CVE-2020-2164 was published for org.jenkins-ci.plugins:artifactory (Maven) May 24, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database