GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,018
Composer 4,300
Erlang 31
GitHub Actions 21
Go 2,069
Maven 5,241
npm 3,744
NuGet 668
pip 3,429
Pub 12
RubyGems 892
Rust 880
Swift 36

Unreviewed advisories

All unreviewed 240,544

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

546 advisories

Filter by severity

Sort by

Least recently updated

IBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive... High Unreviewed

CVE-2018-1877 was published May 13, 2022

In Rapid7 Komand version 0.41.0 and prior, certain endpoints that are able to list the always... Moderate Unreviewed

CVE-2018-5559 was published May 13, 2022

The Milwaukee ONE-KEY Android mobile application stores the master token in plaintext in the apk... High Unreviewed

CVE-2017-3214 was published May 13, 2022

An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81... Moderate Unreviewed

CVE-2019-5765 was published May 13, 2022

Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee... Moderate Unreviewed

CVE-2019-3606 was published May 13, 2022

Information Disclosure vulnerability in McAfee DXL Platform and TIE Server in DXL prior to 5.0.1... Moderate Unreviewed

CVE-2019-3612 was published May 13, 2022

The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010)... Critical Unreviewed

CVE-2019-0285 was published May 13, 2022

Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which... High Unreviewed

CVE-2018-12572 was published May 13, 2022

Pilz PNOZmulti Configurator prior to version 10.9 allows an authenticated attacker with local... High Unreviewed

CVE-2018-19009 was published May 13, 2022

Medtronic CareLink 2090 Programmer CareLink 9790 Programmer 29901 Encore Programmer, all versions... Moderate Unreviewed

CVE-2018-18984 was published May 13, 2022

Amazon AWS SDK <=2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS... High Unreviewed

CVE-2018-19981 was published May 13, 2022

The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not... Moderate Unreviewed

CVE-2015-5537 was published May 13, 2022

Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to discover cleartext... High Unreviewed

CVE-2016-0876 was published May 13, 2022

In a certain atypical IBM Spectrum Protect 7.1 and 8.1 configurations, the node password could be... Moderate Unreviewed

CVE-2018-1882 was published May 13, 2022

During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions... High Unreviewed

CVE-2022-28214 was published May 12, 2022

Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text. Low Unreviewed

CVE-2022-28162 was published May 10, 2022

1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass.... Moderate Unreviewed

CVE-2022-29868 was published May 10, 2022

SanDisk Cruzer Enterprise USB flash drives use a fixed 256-bit key for obtaining access to the... Moderate Unreviewed

CVE-2010-0225 was published May 2, 2022

The Huawei D100 stores the administrator's account name and password in cleartext in a cookie,... Moderate Unreviewed

CVE-2009-2272 was published May 2, 2022

phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish... Low Unreviewed

CVE-2008-1567 was published May 1, 2022

GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication,... Moderate Unreviewed

CVE-2008-0174 was published May 1, 2022

Capturix ScanShare 1.06 build 50 stores sensitive information such as the password in cleartext... Low Unreviewed

CVE-2005-2209 was published May 1, 2022

IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to... Moderate Unreviewed

CVE-2005-2160 was published May 1, 2022

D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file,... High Unreviewed

CVE-2005-1828 was published May 1, 2022

phpRank 1.8 stores the administrative password in plaintext on the server and in the "ap" cookie,... Moderate Unreviewed

CVE-2002-1800 was published Apr 30, 2022

Previous 1 2 … 18 19 20 21 22 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

546 advisories