GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,476
Erlang
33
GitHub Actions
24
Go
2,203
Maven
5,000+
npm
3,852
NuGet
696
pip
3,637
Pub
12
RubyGems
911
Rust
913
Swift
38
Unreviewed advisories
All unreviewed
5,000+
568 advisories
Filter by severity
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow an authenticated user to...
Moderate
Unreviewed
CVE-2024-29952
was published
Apr 18, 2024
The NMAP Importer service may expose data store credentials to authorized users of the Windows...
Moderate
Unreviewed
CVE-2024-23584
was published
Apr 9, 2024
An issue in axonaut v.3.1.23 and before allows a remote attacker to obtain sensitive information...
High
Unreviewed
CVE-2024-28387
was published
Mar 25, 2024
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before....
High
Unreviewed
CVE-2024-22084
was published
Mar 20, 2024
An issue was discovered in Newland Nquire 1000 Interactive Kiosk version NQ1000-II_G_V1.00.011,...
High
Unreviewed
CVE-2023-49341
was published
Mar 9, 2024
SQL injection vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to obtain sensitive...
High
Unreviewed
CVE-2024-24375
was published
Mar 7, 2024
A vulnerability in the logging component of Cisco Duo Authentication for Windows Logon and RDP...
Moderate
Unreviewed
CVE-2024-20292
was published
Mar 6, 2024
IBM Storage Defender - Resiliency Service 2.0 could allow a privileged user to perform...
High
Unreviewed
CVE-2023-50957
was published
Feb 10, 2024
An issue in Shenzen Tenda Technology CP3V2.0 V11.10.00.2311090948 allows a local attacker to...
Moderate
Unreviewed
CVE-2024-24488
was published
Feb 7, 2024
IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive...
Moderate
Unreviewed
CVE-2023-31002
was published
Feb 7, 2024
Allegro AI ClearML Stores Credentials in Plaintext in MongoDB Instance
Moderate
CVE-2024-24595
was published
for
clearml
(pip)
Feb 6, 2024
Prior to v7.4.0, Ember ZNet is vulnerable to a denial of service attack through manipulation of...
High
Unreviewed
CVE-2023-6874
was published
Feb 5, 2024
Apache Airflow CNCF Kubernetes provider, Apache Airflow: Kubernetes configuration file saved without encryption in the Metadata and logged as plain text in the Triggerer service
Moderate
CVE-2023-51702
was published
for
apache-airflow
(pip)
Jan 24, 2024
TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel.
High
Unreviewed
CVE-2023-27098
was published
Jan 9, 2024
Infinispan caches credentials in clear text
Moderate
CVE-2023-5384
was published
for
org.infinispan:infinispan-cachestore-jdbc
(Maven)
Dec 28, 2023
The BestWebSoft's Like & Share WordPress plugin before 2.74 discloses the content of password...
High
Unreviewed
CVE-2023-6250
was published
Dec 26, 2023
The App Settings (/admin/app) page in GROWI versions prior to v6.0.6 stores sensitive information...
Moderate
Unreviewed
CVE-2023-50294
was published
Dec 26, 2023
Solr search discloses password hashes of all users
High
CVE-2023-50719
was published
for
org.xwiki.platform:xwiki-platform-search-solr-api
(Maven)
Dec 16, 2023
Tokens stored in plain text by PaaSLane Estimate Plugin
Moderate
CVE-2023-50776
was published
for
com.cloudtp.jenkins:paaslane-estimate
(Maven)
Dec 13, 2023
Tokens stored in plain text by Dingding JSON Pusher Plugin
Moderate
CVE-2023-50772
was published
for
com.zintow:dingding-json-pusher
(Maven)
Dec 13, 2023
Tokens stored in plain text by PaaSLane Estimate Plugin
Moderate
CVE-2023-50777
was published
for
com.cloudtp.jenkins:paaslane-estimate
(Maven)
Dec 13, 2023
Password stored in a recoverable format by Jenkins OpenId Connect Authentication Plugin
Moderate
CVE-2023-50770
was published
for
org.jenkins-ci.plugins:oic-auth
(Maven)
Dec 13, 2023
Displayed in plain text by Dingding JSON Pusher Plugin
Moderate
CVE-2023-50773
was published
for
com.zintow:dingding-json-pusher
(Maven)
Dec 13, 2023
A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (All versions < V19). An...
Moderate
Unreviewed
CVE-2022-46141
was published
Dec 12, 2023
lakeFS logs S3 credentials in plain text
High
GHSA-4rgc-5g6r-2rjf
was published
for
github.com/treeverse/lakefs
(Go)
Dec 12, 2023
ProTip!
Advisories are also available from the
GraphQL API