GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
149 advisories
Missing Authentication for Critical Function vulnerability in OpenText™ AccuRev for LDAP...
Critical | Unreviewed | CVE-2019-17082 was published Nov 26, 2024

STMicroelectronics SPC58 is vulnerable to Missing Protection Mechanism for Alternate Hardware...
Critical | Unreviewed | CVE-2023-48010 was published Dec 5, 2024

Pentaminds CuroVMS v2.0.1 was discovered to contain exposed credentials.
Critical | Unreviewed | CVE-2024-40583 was published Dec 9, 2024

Username Enumeration vulnerabilities allow access to application level username add, delete,...
Critical | Unreviewed | CVE-2024-51545 was published Dec 5, 2024

On Android, Firefox may have inadvertently allowed viewing saved passwords without the required...
Critical | Unreviewed | CVE-2024-11703 was published Nov 26, 2024

Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache...
Critical | Unreviewed | CVE-2024-44000 was published Oct 20, 2024

A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub...
Critical | Unreviewed | CVE-2024-6118 was published Aug 5, 2024

Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity...
Critical | Unreviewed | CVE-2017-9248 was published May 13, 2022

GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1...
Critical | Unreviewed | CVE-2024-37051 was published Jun 10, 2024

H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router's...
Critical | Unreviewed | CVE-2024-32238 was published Apr 22, 2024

The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP ...
Critical | Unreviewed | CVE-2019-17393 was published May 24, 2022

TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source...
Critical | Unreviewed | CVE-2023-27132 was published Oct 17, 2023

NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient...
Critical | Unreviewed | CVE-2023-25531 was published Sep 20, 2023

In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the...
Critical | Unreviewed | CVE-2023-20965 was published Aug 14, 2023

An issue in GatesAir Flexiva FM Transmitter/Exiter Fax 150W allows a remote attacker to gain...
Critical | Unreviewed | CVE-2023-36082 was published Aug 3, 2023

Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file....
Critical | Unreviewed | CVE-2023-34128 was published Jul 13, 2023

The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security...
Critical | Unreviewed | CVE-2022-4693 was published Jul 6, 2023

A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all...
Critical | Unreviewed | CVE-2023-26204 was published Jun 13, 2023

This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 ...
Critical | Unreviewed | CVE-2023-1778 was published Apr 27, 2023

A vulnerability in the expo.io framework allows an attacker to take over accounts and steal...
Critical | Unreviewed | CVE-2023-28131 was published Apr 24, 2023

A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the...
Critical | Unreviewed | CVE-2019-1384 was published May 24, 2022

Mida eFramework through 2.9.0 has a back door that permits a change of the administrative...
Critical | Unreviewed | CVE-2020-15921 was published May 24, 2022

All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have encryption problems...
Critical | Unreviewed | CVE-2019-3431 was published May 24, 2022

An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU...
Critical | Unreviewed | CVE-2019-14929 was published May 24, 2022

Dynacolor FCM-MB40 v1.2.0.0 uses /etc/appWeb/appweb.pass to store administrative web-interface...
Critical | Unreviewed | CVE-2019-13400 was published May 24, 2022