GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,026 advisories
Filter by severity
Audit records for OpenAPI requests may include sensitive information.
This could lead to...
High
Unreviewed
CVE-2023-6916
was published
Apr 10, 2024
In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page
Moderate
Unreviewed
CVE-2024-47162
was published
Sep 19, 2024
Grafana plugin SDK Information Leakage
Critical
CVE-2024-8986
was published
for
github.com/grafana/grafana-plugin-sdk-go
(Go)
Sep 19, 2024
Django allows unprivileged users to read the password hashes of arbitrary accounts
Moderate
CVE-2018-16984
was published
for
django
(pip)
Oct 3, 2018
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain...
Moderate
Unreviewed
CVE-2024-39733
was published
Jul 14, 2024
django-nopassword stores secrets in cleartext
High
CVE-2019-10682
was published
for
django-nopassword
(pip)
Jun 5, 2020
The Eaton Foreseer software provides the feasibility for the user to configure external servers...
Moderate
Unreviewed
CVE-2024-31415
was published
Sep 13, 2024
Cloudtoken Insufficiently Protects Credentials
Low
CVE-2018-13390
was published
for
cloudtoken
(pip)
May 13, 2022
Openstack cinder Improper handling of ScaleIO backend credentials
Moderate
CVE-2020-10755
was published
for
cinder
(pip)
May 24, 2022
Insufficiently Protected Credentials in Apache Superset
Moderate
CVE-2021-44451
was published
for
apache-superset
(pip)
Feb 2, 2022
Apache Superset allowed for database connections password leak for authenticated users
Moderate
CVE-2021-41972
was published
for
apache-superset
(pip)
May 24, 2022
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8,...
High
Unreviewed
CVE-2024-28981
was published
Sep 12, 2024
Ansible sets unsafe permissions for sources.list
Moderate
CVE-2014-4659
was published
for
ansible
(pip)
May 17, 2022
Ansible Exposes Sensitive Information
High
CVE-2021-20228
was published
for
ansible
(pip)
May 25, 2022
A series of related high-severity vulnerabilities, the most notable enabling remote code...
High
Unreviewed
CVE-2024-40710
was published
Sep 7, 2024
Credentials to access device configuration information stored unencrypted in flash memory. These...
Moderate
Unreviewed
CVE-2024-39278
was published
Sep 6, 2024
Ansible password prompts could expose passwords
Moderate
CVE-2019-10206
was published
for
ansible
(pip)
May 24, 2022
A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub...
Critical
Unreviewed
CVE-2024-6118
was published
Aug 5, 2024
IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive...
Moderate
Unreviewed
CVE-2024-40704
was published
Aug 15, 2024
A vulnerability, which was classified as problematic, has been found in SourceCodester Prison...
Moderate
Unreviewed
CVE-2024-7813
was published
Aug 15, 2024
Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated...
High
Unreviewed
CVE-2024-39818
was published
Aug 14, 2024
A “CWE-256: Plaintext Storage of a Password” affecting the administrative account allows an...
Moderate
Unreviewed
CVE-2024-3082
was published
Jul 31, 2024
Jenkins Weibo Plugin stores credentials unencrypted in its global configuration file
Low
CVE-2019-16572
was published
for
org.jenkins-ci.plugins:weibo
(Maven)
May 24, 2022
IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by...
Moderate
Unreviewed
CVE-2024-25052
was published
Jun 13, 2024
Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
Moderate
CVE-2022-31130
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
ProTip!
Advisories are also available from the
GraphQL API