GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
144 advisories
Filter by severity
Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache...
Critical
Unreviewed
CVE-2024-44000
was published
Oct 20, 2024
A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub...
Critical
Unreviewed
CVE-2024-6118
was published
Aug 5, 2024
Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity...
Critical
Unreviewed
CVE-2017-9248
was published
May 13, 2022
GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1...
Critical
Unreviewed
CVE-2024-37051
was published
Jun 10, 2024
H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router's...
Critical
Unreviewed
CVE-2024-32238
was published
Apr 22, 2024
The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP ...
Critical
Unreviewed
CVE-2019-17393
was published
May 24, 2022
TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source...
Critical
Unreviewed
CVE-2023-27132
was published
Oct 17, 2023
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient...
Critical
Unreviewed
CVE-2023-25531
was published
Sep 20, 2023
In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the...
Critical
Unreviewed
CVE-2023-20965
was published
Aug 14, 2023
An isssue in GatesAIr Flexiva FM Transmitter/Exiter Fax 150W allows a remote attacker to gain...
Critical
Unreviewed
CVE-2023-36082
was published
Aug 3, 2023
Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file....
Critical
Unreviewed
CVE-2023-34128
was published
Jul 13, 2023
The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security...
Critical
Unreviewed
CVE-2022-4693
was published
Jul 6, 2023
A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all...
Critical
Unreviewed
CVE-2023-26204
was published
Jun 13, 2023
This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 ...
Critical
Unreviewed
CVE-2023-1778
was published
Apr 27, 2023
A vulnerability in the expo.io framework allows an attacker to take over accounts and steal...
Critical
Unreviewed
CVE-2023-28131
was published
Apr 24, 2023
A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the...
Critical
Unreviewed
CVE-2019-1384
was published
May 24, 2022
Mida eFramework through 2.9.0 has a back door that permits a change of the administrative...
Critical
Unreviewed
CVE-2020-15921
was published
May 24, 2022
All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have encryption problems...
Critical
Unreviewed
CVE-2019-3431
was published
May 24, 2022
An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU...
Critical
Unreviewed
CVE-2019-14929
was published
May 24, 2022
Dynacolor FCM-MB40 v1.2.0.0 use /etc/appWeb/appweb.pass to store administrative web-interface...
Critical
Unreviewed
CVE-2019-13400
was published
May 24, 2022
LemonLDAP::NG -2.0.3 has Incorrect Access Control.
Critical
Unreviewed
CVE-2019-12046
was published
May 24, 2022
CloudBees Jenkins Operations Center 2.150.2.3, when an expired trial license exists, allows...
Critical
Unreviewed
CVE-2019-11350
was published
May 24, 2022
** UNSUPPORTED WHEN ASSIGNED ** The firmware of the PLANET Technology Corp NVR-915 and NVR-1615...
Critical
Unreviewed
CVE-2020-26097
was published
May 24, 2022
Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command...
Critical
Unreviewed
CVE-2024-21815
was published
Mar 5, 2024
An issue was discovered in Fresenius Kabi PharmaHelp 5.1.759.0 allows attackers to gain escalated...
Critical
Unreviewed
CVE-2022-45611
was published
Aug 22, 2023
ProTip!
Advisories are also available from the
GraphQL API