GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,014 advisories
IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication...
Moderate | Unreviewed | CVE-2023-50311 was published Mar 31, 2024

Siklu TG Terragraph devices before 2.1.1 allow attackers to discover valid, randomly generated...
High | Unreviewed | CVE-2022-47037 was published Mar 18, 2024

IBM Host Access Transformation Services (HATS) 9.6 through 9.6.1.4 and 9.7 through 9.7.0.3 stores...
Moderate | Unreviewed | CVE-2021-38938 was published Mar 15, 2024

Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command...
Critical | Unreviewed | CVE-2024-21815 was published Mar 5, 2024

The database access credentials configured during installation are stored in a special table, and...
Moderate | Unreviewed | CVE-2023-4538 was published Feb 15, 2024

CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized...
High | Unreviewed | CVE-2023-27975 was published Feb 14, 2024

A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed...
Moderate | Unreviewed | CVE-2024-23306 was published Feb 14, 2024

IBM CICS TX Standard and Advanced 11.1 could allow a user with physical access to the web browser...
Moderate | Unreviewed | CVE-2022-34311 was published Feb 12, 2024

IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which...
Moderate | Unreviewed | CVE-2024-22312 was published Feb 10, 2024

Apache Solr can leak certain passwords due to System Property redaction logic inconsistencies
Moderate | CVE-2023-50291 was published for org.apache.solr:solr-core (Maven) Feb 9, 2024

Allegro AI ClearML Stores Credentials in Plaintext in MongoDB Instance
Moderate | CVE-2024-24595 was published for clearml (pip) Feb 6, 2024

In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product stores...
Moderate | Unreviewed | CVE-2024-21869 was published Feb 2, 2024

Apache Kylin has Insufficiently Protected Credentials
High | CVE-2023-29055 was published for org.apache.kylin:kylin-core-common (Maven) Jan 29, 2024

Networker 19.9 and all prior versions contains a Plain-text Password stored in temporary config...
High | Unreviewed | CVE-2024-22432 was published Jan 25, 2024

Missing Password Field Masking vulnerability in Hitachi Device Manager on Windows, Linux (Device...
Moderate | Unreviewed | CVE-2023-49106 was published Jan 16, 2024

A default engineer password set on the Hozard alarm system (Alarmsysteem) v1.0 allows an attacker...
Moderate | Unreviewed | CVE-2023-50125 was published Jan 11, 2024

An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to...
Moderate | Unreviewed | CVE-2023-29447 was published Jan 10, 2024

The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords,...
High | Unreviewed | CVE-2023-6421 was published Jan 1, 2024

In Network Element Manager in NOKIA NFM-T R19.9, an Unprotected Storage of Credentials...
Moderate | Unreviewed | CVE-2022-39820 was published Dec 25, 2023

IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text...
Moderate | Unreviewed | CVE-2023-47741 was published Dec 18, 2023

A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an...
Moderate | Unreviewed | CVE-2023-6791 was published Dec 13, 2023

Password stored in a recoverable format by Jenkins OpenId Connect Authentication Plugin
Moderate | CVE-2023-50770 was published for org.jenkins-ci.plugins:oic-auth (Maven) Dec 13, 2023

IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be...
Moderate | Unreviewed | CVE-2023-47722 was published Dec 9, 2023

Exposure of Proxy Administrator Credentials: An authenticated administrator equivalent Filr user...
High | Unreviewed | CVE-2023-32268 was published Dec 6, 2023

Data leak of password hash through change requests
High | CVE-2023-49280 was published for org.xwiki.contrib.changerequest:application-changerequest-default (Maven) Dec 5, 2023