Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

448 advisories

Loading
IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 could allow a remote attacker to... Moderate Unreviewed
CVE-2019-4138 was published May 24, 2022
Insufficient key protection vulnerability in silicon reference firmware for Intel(R) Pentium(R)... Moderate Unreviewed
CVE-2019-0120 was published May 24, 2022
eyeDisk implements the unlock feature by sending a cleartext password. The password can be... Moderate Unreviewed
CVE-2019-11885 was published May 24, 2022
rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable Moderate Unreviewed
CVE-2014-0241 was published May 17, 2022
Claws Mail vCalendar plugin: credentials exposed on interface Moderate Unreviewed
CVE-2012-5527 was published Apr 23, 2022
IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication... Moderate Unreviewed
CVE-2023-50311 was published Mar 31, 2024
** UNSUPPPORTED WHEN ASSIGNED ** The web application stores credentials in clear text in the ... Moderate Unreviewed
CVE-2022-47561 was published Sep 20, 2023
In IQrouter through 3.3.1, the Lua function diag_set_password in the web-panel allows remote... Moderate Unreviewed
CVE-2020-11964 was published May 24, 2022
When curl is instructed to get content using the metalink feature, and a user name and password... Moderate Unreviewed
CVE-2021-22923 was published May 24, 2022
An issue was discovered in Keeper Password Manager for Desktop version 16.10.2, and the... Moderate Unreviewed
CVE-2023-36266 was published Jul 12, 2023
IBM Host Access Transformation Services (HATS) 9.6 through 9.6.1.4 and 9.7 through 9.7.0.3 stores... Moderate Unreviewed
CVE-2021-38938 was published Mar 15, 2024
IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which... Moderate Unreviewed
CVE-2024-22312 was published Feb 10, 2024
Emerson OpenBSI through 2022-04-29 mishandles credential storage. It is an engineering... Moderate Unreviewed
CVE-2022-29959 was published Aug 17, 2022
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product stores... Moderate Unreviewed
CVE-2024-21869 was published Feb 2, 2024
The database access credentials configured during installation are stored in a special table, and... Moderate Unreviewed
CVE-2023-4538 was published Feb 15, 2024
A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed... Moderate Unreviewed
CVE-2024-23306 was published Feb 14, 2024
Incorrect access control in Zoho ManageEngine ADManager Plus Build 7180 allows unauthenticated... Moderate Unreviewed
CVE-2023-31492 was published Aug 18, 2023
Allegro AI ClearML Stores Credentials in Plaintext in MongoDB Instance Moderate
CVE-2024-24595 was published for clearml (pip) Feb 6, 2024
m3t3kh4n
IBM CICS TX Standard and Advanced 11.1 could allow a user with physical access to the web browser... Moderate Unreviewed
CVE-2022-34311 was published Feb 12, 2024
Apache Solr can leak certain passwords due to System Property redaction logic inconsistencies Moderate
CVE-2023-50291 was published for org.apache.solr:solr-core (Maven) Feb 9, 2024
Missing Password Field Masking vulnerability in Hitachi Device Manager on Windows, Linux (Device... Moderate Unreviewed
CVE-2023-49106 was published Jan 16, 2024
Users with appropriate file access may be able to access unencrypted user credentials saved by... Moderate Unreviewed
CVE-2021-32039 was published Jan 21, 2022
Jenkins TestFairy Plugin stores credentials in plain text Moderate
CVE-2019-1003096 was published for org.jenkins-ci.plugins:TestFairy (Maven) May 13, 2022
ECS Publisher Plugin stored and displayed API token in plain text Moderate
CVE-2019-1003045 was published for de.eacg:ecs-publisher (Maven) May 13, 2022
Jenkins Crowd Integration Plugin stores credentials in plain text Moderate
CVE-2019-1003097 was published for com.ds.tools.hudson:crowd (Maven) May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database