GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
448 advisories
IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 could allow a remote attacker to...
Moderate | Unreviewed | CVE-2019-4138 was published May 24, 2022
Insufficient key protection vulnerability in silicon reference firmware for Intel(R) Pentium(R)...
Moderate | Unreviewed | CVE-2019-0120 was published May 24, 2022
eyeDisk implements the unlock feature by sending a cleartext password. The password can be...
Moderate | Unreviewed | CVE-2019-11885 was published May 24, 2022
rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable
Moderate | Unreviewed | CVE-2014-0241 was published May 17, 2022
Claws Mail vCalendar plugin: credentials exposed on interface
Moderate | Unreviewed | CVE-2012-5527 was published Apr 23, 2022
IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication...
Moderate | Unreviewed | CVE-2023-50311 was published Mar 31, 2024
** UNSUPPORTED WHEN ASSIGNED ** The web application stores credentials in clear text in the ...
Moderate | Unreviewed | CVE-2022-47561 was published Sep 20, 2023
In IQrouter through 3.3.1, the Lua function diag_set_password in the web-panel allows remote...
Moderate | Unreviewed | CVE-2020-11964 was published May 24, 2022
When curl is instructed to get content using the metalink feature, and a user name and password...
Moderate | Unreviewed | CVE-2021-22923 was published May 24, 2022
An issue was discovered in Keeper Password Manager for Desktop version 16.10.2, and the...
Moderate | Unreviewed | CVE-2023-36266 was published Jul 12, 2023
IBM Host Access Transformation Services (HATS) 9.6 through 9.6.1.4 and 9.7 through 9.7.0.3 stores...
Moderate | Unreviewed | CVE-2021-38938 was published Mar 15, 2024
IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which...
Moderate | Unreviewed | CVE-2024-22312 was published Feb 10, 2024
Emerson OpenBSI through 2022-04-29 mishandles credential storage. It is an engineering...
Moderate | Unreviewed | CVE-2022-29959 was published Aug 17, 2022
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product stores...
Moderate | Unreviewed | CVE-2024-21869 was published Feb 2, 2024
The database access credentials configured during installation are stored in a special table, and...
Moderate | Unreviewed | CVE-2023-4538 was published Feb 15, 2024
A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed...
Moderate | Unreviewed | CVE-2024-23306 was published Feb 14, 2024
Incorrect access control in Zoho ManageEngine ADManager Plus Build 7180 allows unauthenticated...
Moderate | Unreviewed | CVE-2023-31492 was published Aug 18, 2023
Allegro AI ClearML Stores Credentials in Plaintext in MongoDB Instance
Moderate | CVE-2024-24595 was published for clearml (pip) Feb 6, 2024
IBM CICS TX Standard and Advanced 11.1 could allow a user with physical access to the web browser...
Moderate | Unreviewed | CVE-2022-34311 was published Feb 12, 2024
Apache Solr can leak certain passwords due to System Property redaction logic inconsistencies
Moderate | CVE-2023-50291 was published for org.apache.solr:solr-core (Maven) Feb 9, 2024
Missing Password Field Masking vulnerability in Hitachi Device Manager on Windows, Linux (Device...
Moderate | Unreviewed | CVE-2023-49106 was published Jan 16, 2024
Users with appropriate file access may be able to access unencrypted user credentials saved by...
Moderate | Unreviewed | CVE-2021-32039 was published Jan 21, 2022
Jenkins TestFairy Plugin stores credentials in plain text
Moderate | CVE-2019-1003096 was published for org.jenkins-ci.plugins:TestFairy (Maven) May 13, 2022
ECS Publisher Plugin stored and displayed API token in plain text
Moderate | CVE-2019-1003045 was published for de.eacg:ecs-publisher (Maven) May 13, 2022
Jenkins Crowd Integration Plugin stores credentials in plain text
Moderate | CVE-2019-1003097 was published for com.ds.tools.hudson:crowd (Maven) May 13, 2022