GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
290 advisories
Filter by severity
In Rapid7 Komand version 0.41.0 and prior, certain endpoints that are able to list the always...
Moderate
Unreviewed
CVE-2018-5559
was published
May 13, 2022
An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81...
Moderate
Unreviewed
CVE-2019-5765
was published
May 13, 2022
Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee...
Moderate
Unreviewed
CVE-2019-3606
was published
May 13, 2022
Information Disclosure vulnerability in McAfee DXL Platform and TIE Server in DXL prior to 5.0.1...
Moderate
Unreviewed
CVE-2019-3612
was published
May 13, 2022
Medtronic CareLink 2090 Programmer CareLink 9790 Programmer 29901 Encore Programmer, all versions...
Moderate
Unreviewed
CVE-2018-18984
was published
May 13, 2022
The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not...
Moderate
Unreviewed
CVE-2015-5537
was published
May 13, 2022
In a certain atypical IBM Spectrum Protect 7.1 and 8.1 configurations, the node password could be...
Moderate
Unreviewed
CVE-2018-1882
was published
May 13, 2022
1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass....
Moderate
Unreviewed
CVE-2022-29868
was published
May 10, 2022
SanDisk Cruzer Enterprise USB flash drives use a fixed 256-bit key for obtaining access to the...
Moderate
Unreviewed
CVE-2010-0225
was published
May 2, 2022
The Huawei D100 stores the administrator's account name and password in cleartext in a cookie,...
Moderate
Unreviewed
CVE-2009-2272
was published
May 2, 2022
GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication,...
Moderate
Unreviewed
CVE-2008-0174
was published
May 1, 2022
IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to...
Moderate
Unreviewed
CVE-2005-2160
was published
May 1, 2022
phpRank 1.8 stores the administrative password in plaintext on the server and in the "ap" cookie,...
Moderate
Unreviewed
CVE-2002-1800
was published
Apr 30, 2022
Autogalaxy stores usernames and passwords in cleartext in cookies, which makes it easier for...
Moderate
Unreviewed
CVE-2001-1536
was published
Apr 30, 2022
The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores...
Moderate
Unreviewed
CVE-2001-1537
was published
Apr 30, 2022
The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1,...
Moderate
Unreviewed
CVE-2004-2397
was published
Apr 29, 2022
qtnx 0.9 stores non-custom SSH keys in a world-readable configuration file. If a user has a world...
Moderate
Unreviewed
CVE-2011-2916
was published
Apr 22, 2022
IBM Security Guardium 10.5 stores user credentials in plain clear text which can be read by a...
Moderate
Unreviewed
CVE-2021-39078
was published
Apr 20, 2022
AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to...
Moderate
Unreviewed
CVE-2022-0835
was published
Apr 12, 2022
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F...
Moderate
Unreviewed
CVE-2022-25160
was published
Apr 3, 2022
3CX System through 2022-03-17 stores cleartext passwords in a database.
Moderate
Unreviewed
CVE-2021-45491
was published
Mar 29, 2022
SnapCenter versions prior to 4.5 are susceptible to a vulnerability which could allow a local...
Moderate
Unreviewed
CVE-2022-23234
was published
Mar 17, 2022
Veritas System Recovery (VSR) 18 and 21 stores a network destination password in the Windows...
Moderate
Unreviewed
CVE-2022-26778
was published
Mar 11, 2022
Dell EMC Enterprise Storage Analytics for vRealize Operations, versions 4.0.1 to 6.2.1, contain a...
Moderate
Unreviewed
CVE-2021-43590
was published
Mar 5, 2022
A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could...
Moderate
Unreviewed
CVE-2021-35036
was published
Mar 2, 2022
ProTip!
Advisories are also available from the
GraphQL API