Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

448 advisories

Loading
The J-BusinessDirectory extension before 5.2.9 for Joomla! allows Reverse Tabnabbing. In some... Moderate Unreviewed
CVE-2020-5182 was published May 24, 2022
Password stored in plain text by Applatix Plugin Moderate
CVE-2020-2133 was published for com.applatix.jenkins:applatix (Maven) May 24, 2022
NotMyFault
Some Dahua software products have a vulnerability of unauthenticated request of AES crypto key.... Moderate Unreviewed
CVE-2022-45424 was published Dec 27, 2022
In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages. Moderate Unreviewed
CVE-2020-7908 was published May 24, 2022
An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded... Moderate Unreviewed
CVE-2020-8657 was published May 24, 2022
An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine... Moderate Unreviewed
CVE-2020-8422 was published May 24, 2022
An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. An... Moderate Unreviewed
CVE-2019-19857 was published May 24, 2022
An information exposure vulnerability in the external authentication profile form of FortiSIEM 5... Moderate Unreviewed
CVE-2019-6700 was published May 24, 2022
An issue was discovered on Cayin SMP-PRO4 devices. A user can discover a saved password by... Moderate Unreviewed
CVE-2020-6954 was published May 24, 2022
USG9500 with software of V500R001C30SPC100; V500R001C30SPC200; V500R001C30SPC600;... Moderate Unreviewed
CVE-2020-1871 was published May 24, 2022
Barco ClickShare Button R9861500D01 devices before 1.9.0 have incorrect Credentials Management.... Moderate Unreviewed
CVE-2019-18832 was published May 24, 2022
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware... Moderate Unreviewed
CVE-2019-15801 was published May 24, 2022
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete... Moderate Unreviewed
CVE-2021-34560 was published May 24, 2022
Plex Media Server 1.18.2.2029-36236cc4c allows remote attackers to bypass intended access control... Moderate Unreviewed
CVE-2018-21031 was published May 24, 2022
An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana (e.g., MySQL... Moderate Unreviewed
CVE-2019-15635 was published May 24, 2022
LogMeIn LastPass before 4.33.0 allows attackers to construct a crafted web site that captures the... Moderate Unreviewed
CVE-2019-16371 was published May 24, 2022
IBM Security Verify Governance, Identity Manager 10.0.1 stores user credentials in plain clear... Moderate Unreviewed
CVE-2022-22458 was published Dec 23, 2022
Insufficiently Protected Credentials vulnerability in the remote backups application on Western... Moderate Unreviewed
CVE-2022-29839 was published Dec 9, 2022
A vulnerability has been identified in SCALANCE X-200 (All Versions < V5.2.4), SCALANCE X-200IRT ... Moderate Unreviewed
CVE-2019-6567 was published May 24, 2022
Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may... Moderate Unreviewed
CVE-2022-30944 was published Aug 19, 2022
Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in... Moderate Unreviewed
CVE-2021-36317 was published Dec 22, 2021
A vulnerability has been found in CESNET theme-cesnet up to 1.x and classified as problematic.... Moderate Unreviewed
CVE-2016-15014 was published Jan 7, 2023
The Test LDAP Users functionality in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.0... Moderate Unreviewed
CVE-2022-42132 was published Nov 15, 2022
Fortify Plugin stored credentials in plain text Moderate
CVE-2020-2107 was published for org.jenkins-ci.plugins:fortify (Maven) May 24, 2022
NotMyFault
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to insufficiently... Moderate Unreviewed
CVE-2022-33169 was published Aug 2, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database