GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,135
Composer 4,081
Erlang 29
GitHub Actions 19
Go 1,909
Maven 5,106
npm 3,642
NuGet 638
pip 3,258
Pub 10
RubyGems 869
Rust 820
Swift 35

Unreviewed advisories

All unreviewed 229,009

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

501 advisories

Filter by severity

Sort by

Least recently updated

An Cleartext Storage of Sensitive Information issue was discovered in General Motors (GM) and... High Unreviewed

CVE-2017-9663 was published May 13, 2022

In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, the OAuth token used by the... Critical Unreviewed

CVE-2017-5250 was published May 13, 2022

In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android app, the OAuth token used... Critical Unreviewed

CVE-2017-5249 was published May 13, 2022

IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user credentials in plain in... High Unreviewed

CVE-2017-1309 was published May 13, 2022

Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows... High Unreviewed

CVE-2017-13663 was published May 13, 2022

WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous... Moderate Unreviewed

CVE-2017-14990 was published May 13, 2022

The "Photo,Video Locker-Calculator" application 12.0 for Android has android:allowBackup="true"... High Unreviewed

CVE-2017-16835 was published May 13, 2022

The Files APP 7.1.1.308 and earlier versions in some Huawei mobile phones has a vulnerability of... Moderate Unreviewed

CVE-2017-2723 was published May 13, 2022

The Bitpie application through 3.2.4 for Android and iOS uses cleartext storage for digital... Moderate Unreviewed

CVE-2018-10812 was published May 13, 2022

An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally... Moderate Unreviewed

CVE-2018-11242 was published May 13, 2022

Sensitive Information Stored in Clear Text in Moxa ThingsPro IIoT Gateway and Device Management... Critical Unreviewed

CVE-2018-18394 was published May 13, 2022

An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before... Critical Unreviewed

CVE-2018-18641 was published May 13, 2022

PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks the plaintext of NTFS files. On non... Moderate Unreviewed

CVE-2018-19279 was published May 13, 2022

Plaintext Storage of Sensitive Information in Laravel Log Viewer before v0.13.0 High

CVE-2018-8947 was published for rap2hpoutre/laravel-log-viewer (Composer) May 13, 2022

In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to... High Unreviewed

CVE-2018-9065 was published May 13, 2022

SepCity Classified Ads stores the admin password in cleartext in data/classifieds.mdb, which... Moderate Unreviewed

CVE-2008-6157 was published May 17, 2022

IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain... Moderate Unreviewed

CVE-2022-22484 was published May 18, 2022

iBall Baton iB-WRB302N20122017 devices have improper access control over the UART interface,... Moderate Unreviewed

CVE-2018-20008 was published May 24, 2022

IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with... Moderate Unreviewed

CVE-2018-2028 was published May 24, 2022

Information leak in autofill in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to... Moderate Unreviewed

CVE-2019-5810 was published May 24, 2022

Jenkins Gogs Plugin stored credentials in plain text Moderate

CVE-2019-10348 was published for org.jenkins-ci.plugins:gogs-webhook (Maven) May 24, 2022

Jenkins Port Allocator Plugin stores credentials in plain text Moderate

CVE-2019-10350 was published for org.jenkins-ci.plugins:port-allocator (Maven) May 24, 2022

Jenkins Caliper CI Plugin stores credentials in plain text Moderate

CVE-2019-10351 was published for com.brianfromoregon:caliper-ci (Maven) May 24, 2022

TronLink Wallet 2.2.0 stores user wallet keystore in plaintext and places them in insecure... Critical Unreviewed

CVE-2019-13096 was published May 24, 2022

Dell EMC PowerConnect 8024, 7000, M6348, M6220, M8024 and M8024-K running firmware versions prior... Moderate Unreviewed

CVE-2019-3753 was published May 24, 2022

Previous 1 2 3 4 5 6 … 20 21 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

501 advisories