GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,050 advisories
Filter by severity
A vulnerability has been identified in ModelSim Simulation (All versions), Questa Simulation (All...
Moderate
Unreviewed
CVE-2021-42023
was published
Dec 15, 2021
Opencast publishes global system account credentials
High
CVE-2018-16153
was published
for
org.opencastproject:opencast-common
(Maven)
Dec 14, 2021
Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation via the passwd=1 substring.
Moderate
Unreviewed
CVE-2021-40857
was published
Dec 14, 2021
An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker...
Moderate
Unreviewed
CVE-2021-37187
was published
Dec 11, 2021
An unprotected ssh private key exists on the Gryphon devices which could be used to achieve root...
Critical
Unreviewed
CVE-2021-20146
was published
Dec 10, 2021
There is a Credentials Management Errors vulnerability in Huawei Smartphone.Successful...
High
Unreviewed
CVE-2021-37075
was published
Dec 9, 2021
Allegro WIndows 3.3.4152.0, embeds software administrator database credentials into its binary...
High
Unreviewed
CVE-2021-43978
was published
Dec 9, 2021
An issue was discovered in Mahavitaran android application 7.50 and below, allows local attackers...
Moderate
Unreviewed
CVE-2020-27413
was published
Dec 8, 2021
An issue was discovered on Renesas RX65 and RX65N devices. With a VCC glitch, an attacker can...
Moderate
Unreviewed
CVE-2021-43327
was published
Dec 3, 2021
Azure Active Directory Information Disclosure Vulnerability
Moderate
Unreviewed
CVE-2021-42306
was published
Nov 25, 2021
Scrapy HTTP authentication credentials potentially leaked to target websites
Moderate
CVE-2021-41125
was published
for
Scrapy
(pip)
Oct 6, 2021
Basic-auth app bundle credential exposure in gatsby-source-wordpress
High
CVE-2021-32770
was published
for
gatsby-source-wordpress
(npm)
Jul 19, 2021
Improper permission handling in Apache Solr
High
CVE-2021-29262
was published
for
org.apache.solr:solr-core
(Maven)
May 10, 2021
Client TLS credentials sent raw to server in npm package nats
Critical
GHSA-prmc-5v5w-c465
was published
for
nats
(npm)
Apr 6, 2021
Insufficiently Protected Credentials in Elasticsearch
Moderate
CVE-2021-22132
was published
for
org.elasticsearch:elasticsearch
(Maven)
Mar 18, 2021
django-nopassword stores secrets in cleartext
High
CVE-2019-10682
was published
for
django-nopassword
(pip)
Jun 5, 2020
Private key leak in Apache CXF
High
CVE-2019-12423
was published
for
org.apache.cxf:apache-cxf
(Maven)
May 22, 2020
Information disclosure through error object in auth0.js
High
CVE-2020-5263
was published
for
auth0-js
(npm)
Apr 10, 2020
Insufficient Nonce Validation in Eclipse Milo Client
High
CVE-2019-19135
was published
for
org.eclipse.milo:sdk-client
(Maven)
Mar 16, 2020
Insufficiently Protected Credentials in Apache Tomcat
High
CVE-2019-12418
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Dec 26, 2019
Insufficiently Protected Credentials in Pivotal Reactor Netty
High
CVE-2019-11284
was published
for
io.projectreactor.netty:reactor-netty
(Maven)
Oct 23, 2019
Insufficiently Protected Credentials and Improper Authentication in Spring Security
High
CVE-2019-11272
was published
for
org.springframework.security:spring-security-cas
(Maven)
Jun 27, 2019
Insufficiently Protected Credentials in Requests
High
CVE-2018-18074
was published
for
requests
(pip)
Oct 29, 2018
Django allows unprivileged users to read the password hashes of arbitrary accounts
Moderate
CVE-2018-16984
was published
for
django
(pip)
Oct 3, 2018
ProTip!
Advisories are also available from the
GraphQL API