GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
448 advisories
IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by...
Moderate | Unreviewed | CVE-2024-25052 was published Jun 13, 2024

Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
Moderate | CVE-2022-31130 was published for github.com/grafana/grafana (Go) May 14, 2024

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions ...
Moderate | Unreviewed | CVE-2024-35208 was published Jun 11, 2024

Apereo CAS vulnerable to credential leaks for LDAP authentication
Moderate | CVE-2023-28857 was published for org.apereo.cas:cas-server-support-x509-core (Maven) Aug 5, 2024

An Insecure Credential Management issue discovered in Connectize AC21000 G6 641.139.1.1256 allows...
Moderate | Unreviewed | CVE-2023-24047 was published Dec 5, 2023

Docker CLI leaks private registry credentials to registry-1.docker.io
Moderate | CVE-2021-41092 was published for github.com/docker/cli (Go) Jun 10, 2024

In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App...
Moderate | Unreviewed | CVE-2024-39878 was published Jul 1, 2024

In JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile...
Moderate | Unreviewed | CVE-2024-39879 was published Jul 1, 2024

In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site
Moderate | Unreviewed | CVE-2024-38505 was published Jun 18, 2024

SimpleSAMLphp exposes credentials in session storage
Moderate | GHSA-7wh8-jrq7-p27f was published for simplesamlphp/simplesamlphp (Composer) May 28, 2024

Trivy possibly leaks registry credential when scanning images from malicious registries
Moderate | CVE-2024-35192 was published for github.com/aquasecurity/trivy (Go) May 20, 2024

An attacker could potentially intercept credentials via the task manager and perform unauthorized...
Moderate | Unreviewed | CVE-2024-23583 was published May 18, 2024

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All...
Moderate | Unreviewed | CVE-2024-33496 was published May 14, 2024

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All...
Moderate | Unreviewed | CVE-2024-33497 was published May 14, 2024

IBM TXSeries for Multiplatforms 8.2 transmits or stores authentication credentials, but it uses...
Moderate | Unreviewed | CVE-2024-22345 was published May 14, 2024

Database scanning using username and password stores the credentials in plaintext or encoded...
Moderate | Unreviewed | CVE-2024-23551 was published May 8, 2024

SaltStack Salt Cleartext Storage of Sensitive Information via cmdmod
Moderate | CVE-2021-25284 was published for salt (pip) May 24, 2022

Certain credentials within the BigFix Patch Management Download Plug-ins are stored insecurely...
Moderate | Unreviewed | CVE-2022-42451 was published Oct 11, 2023

Azure Identity Library for .NET Information Disclosure Vulnerability
Moderate | CVE-2024-29992 was published for Azure.Identity (NuGet) Apr 9, 2024

An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82...
Moderate | Unreviewed | CVE-2022-27774 was published Jun 3, 2022

A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak...
Moderate | Unreviewed | CVE-2022-27776 was published Jun 3, 2022

An issue was discovered in eGroupWare 17.1.20190111. An Improper Password Storage vulnerability...
Moderate | Unreviewed | CVE-2023-38328 was published Oct 27, 2023

Eaton easySoft software is used to program easy controllers and displays for configuring,...
Moderate | Unreviewed | CVE-2023-43777 was published Oct 17, 2023

SnapGathers versions prior to 4.9 are susceptible to a vulnerability which could allow a local...
Moderate | Unreviewed | CVE-2023-27315 was published Oct 12, 2023

BigFix Insights/IVR fixlet uses improper credential handling within certain fixlet content. An...
Moderate | Unreviewed | CVE-2022-44758 was published Oct 11, 2023