GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
144 advisories
Filter by severity
Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache...
Critical
Unreviewed
CVE-2024-44000
was published
Oct 20, 2024
A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub...
Critical
Unreviewed
CVE-2024-6118
was published
Aug 5, 2024
GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1...
Critical
Unreviewed
CVE-2024-37051
was published
Jun 10, 2024
H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router's...
Critical
Unreviewed
CVE-2024-32238
was published
Apr 22, 2024
Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command...
Critical
Unreviewed
CVE-2024-21815
was published
Mar 5, 2024
TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source...
Critical
Unreviewed
CVE-2023-27132
was published
Oct 17, 2023
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient...
Critical
Unreviewed
CVE-2023-25531
was published
Sep 20, 2023
An issue was discovered in Fresenius Kabi PharmaHelp 5.1.759.0 allows attackers to gain escalated...
Critical
Unreviewed
CVE-2022-45611
was published
Aug 22, 2023
In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the...
Critical
Unreviewed
CVE-2023-20965
was published
Aug 14, 2023
An isssue in GatesAIr Flexiva FM Transmitter/Exiter Fax 150W allows a remote attacker to gain...
Critical
Unreviewed
CVE-2023-36082
was published
Aug 3, 2023
Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file....
Critical
Unreviewed
CVE-2023-34128
was published
Jul 13, 2023
The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security...
Critical
Unreviewed
CVE-2022-4693
was published
Jul 6, 2023
A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all...
Critical
Unreviewed
CVE-2023-26204
was published
Jun 13, 2023
This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 ...
Critical
Unreviewed
CVE-2023-1778
was published
Apr 27, 2023
A vulnerability in the expo.io framework allows an attacker to take over accounts and steal...
Critical
Unreviewed
CVE-2023-28131
was published
Apr 24, 2023
Aztech WMB250AC Mesh Routers Firmware Version 016 2020 is vulnerable to PHP Type Juggling in file...
Critical
Unreviewed
CVE-2022-45599
was published
Feb 23, 2023
Ricoh mp_c4504ex devices with firmware 1.06 mishandle credentials.
Critical
Unreviewed
CVE-2022-43969
was published
Feb 16, 2023
COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1...
Critical
Unreviewed
CVE-2022-47697
was published
Jan 31, 2023
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in...
Critical
Unreviewed
CVE-2022-32518
was published
Jan 31, 2023
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in...
Critical
Unreviewed
CVE-2022-32520
was published
Jan 31, 2023
A CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in...
Critical
Unreviewed
CVE-2022-32519
was published
Jan 31, 2023
An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 allows unauthenticated...
Critical
Unreviewed
CVE-2022-45276
was published
Nov 23, 2022
patrickfuller camp up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 is...
Critical
Unreviewed
CVE-2022-37109
was published
Nov 15, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account.
Critical
Unreviewed
CVE-2020-15347
was published
Sep 30, 2022
Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may...
Critical
Unreviewed
CVE-2022-30601
was published
Aug 19, 2022
ProTip!
Advisories are also available from the
GraphQL API