Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,041
Maven
5,000+
npm
3,733
NuGet
662
pip
3,414
Pub
12
RubyGems
891
Rust
866
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

149 advisories

Loading
Pentaminds CuroVMS v2.0.1 was discovered to contain exposed credentials. Critical Unreviewed
CVE-2024-40583 was published Dec 9, 2024
STMicroelectronics SPC58 is vulnerable to Missing Protection Mechanism for Alternate Hardware... Critical Unreviewed
CVE-2023-48010 was published Dec 5, 2024
Username Enumeration vulnerabilities allow access to application level username add, delete,... Critical Unreviewed
CVE-2024-51545 was published Dec 5, 2024
Missing Authentication for Critical Function vulnerability in OpenText™ AccuRev for LDAP... Critical Unreviewed
CVE-2019-17082 was published Nov 26, 2024
On Android, Firefox may have inadvertently allowed viewing saved passwords without the required... Critical Unreviewed
CVE-2024-11703 was published Nov 26, 2024
Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache... Critical Unreviewed
CVE-2024-44000 was published Oct 20, 2024
A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub... Critical Unreviewed
CVE-2024-6118 was published Aug 5, 2024
GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1... Critical Unreviewed
CVE-2024-37051 was published Jun 10, 2024
H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router's... Critical Unreviewed
CVE-2024-32238 was published Apr 22, 2024
Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command... Critical Unreviewed
CVE-2024-21815 was published Mar 5, 2024
TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source... Critical Unreviewed
CVE-2023-27132 was published Oct 17, 2023
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient... Critical Unreviewed
CVE-2023-25531 was published Sep 20, 2023
An issue was discovered in Fresenius Kabi PharmaHelp 5.1.759.0 allows attackers to gain escalated... Critical Unreviewed
CVE-2022-45611 was published Aug 22, 2023
In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the... Critical Unreviewed
CVE-2023-20965 was published Aug 14, 2023
An isssue in GatesAIr Flexiva FM Transmitter/Exiter Fax 150W allows a remote attacker to gain... Critical Unreviewed
CVE-2023-36082 was published Aug 3, 2023
Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file.... Critical Unreviewed
CVE-2023-34128 was published Jul 13, 2023
The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security... Critical Unreviewed
CVE-2022-4693 was published Jul 6, 2023
A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all... Critical Unreviewed
CVE-2023-26204 was published Jun 13, 2023
This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 ... Critical Unreviewed
CVE-2023-1778 was published Apr 27, 2023
A vulnerability in the expo.io framework allows an attacker to take over accounts and steal... Critical Unreviewed
CVE-2023-28131 was published Apr 24, 2023
Aztech WMB250AC Mesh Routers Firmware Version 016 2020 is vulnerable to PHP Type Juggling in file... Critical Unreviewed
CVE-2022-45599 was published Feb 23, 2023
Ricoh mp_c4504ex devices with firmware 1.06 mishandle credentials. Critical Unreviewed
CVE-2022-43969 was published Feb 16, 2023
COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1... Critical Unreviewed
CVE-2022-47697 was published Jan 31, 2023
A CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in... Critical Unreviewed
CVE-2022-32519 was published Jan 31, 2023
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in... Critical Unreviewed
CVE-2022-32520 was published Jan 31, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database