GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
30
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,299
Pub
11
RubyGems
878
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
287 advisories
Filter by severity
Kieback & Peter's DDC4000 series has an insufficiently protected credentials vulnerability, which...
High
Unreviewed
CVE-2024-43812
was published
Oct 23, 2024
The EWON FLEXY 202 transmits credentials using a weak encoding method base64. An attacker who is...
High
Unreviewed
CVE-2024-7755
was published
Oct 17, 2024
The affected product is vulnerable due to insufficiently protected credentials, which may allow...
High
Unreviewed
CVE-2024-49396
was published
Oct 17, 2024
OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized...
High
Unreviewed
CVE-2024-8777
was published
Sep 16, 2024
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8,...
High
Unreviewed
CVE-2024-28981
was published
Sep 12, 2024
A vulnerability in the storage method of the PON Controller configuration file could allow an...
High
Unreviewed
CVE-2024-20489
was published
Sep 11, 2024
An issue in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physically proximate attacker to...
High
Unreviewed
CVE-2024-44815
was published
Sep 10, 2024
A series of related high-severity vulnerabilities, the most notable enabling remote code...
High
Unreviewed
CVE-2024-40710
was published
Sep 7, 2024
Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated...
High
Unreviewed
CVE-2024-39818
was published
Aug 14, 2024
The Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all...
High
Unreviewed
CVE-2024-7389
was published
Aug 2, 2024
The Avalara for Salesforce CPQ app before 7.0 for Salesforce allows attackers to read an API key....
High
Unreviewed
CVE-2024-38453
was published
Jul 3, 2024
The webserver utilizes basic authentication for its user login to the configuration interface. As...
High
Unreviewed
CVE-2023-41926
was published
Jul 2, 2024
Insufficiently protected credentials in GE HealthCare EchoPAC products
High
Unreviewed
CVE-2024-27109
was published
May 14, 2024
Insecure storage of the ICT MIFARE and DESFire encryption keys in the firmware
binary allows...
High
Unreviewed
CVE-2024-29941
was published
May 7, 2024
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to escalate their privileges due...
High
Unreviewed
CVE-2023-37400
was published
Apr 19, 2024
Audit records for OpenAPI requests may include sensitive information.
This could lead to...
High
Unreviewed
CVE-2023-6916
was published
Apr 10, 2024
A insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0...
High
Unreviewed
CVE-2023-41677
was published
Apr 9, 2024
Siklu TG Terragraph devices before 2.1.1 allow attackers to discover valid, randomly generated...
High
Unreviewed
CVE-2022-47037
was published
Mar 18, 2024
CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized...
High
Unreviewed
CVE-2023-27975
was published
Feb 14, 2024
Networker 19.9 and all prior versions contains a Plain-text Password stored in temporary config...
High
Unreviewed
CVE-2024-22432
was published
Jan 25, 2024
The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords,...
High
Unreviewed
CVE-2023-6421
was published
Jan 1, 2024
Exposure of Proxy Administrator Credentials
An authenticated administrator equivalent Filr user...
High
Unreviewed
CVE-2023-32268
was published
Dec 6, 2023
A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text...
High
Unreviewed
CVE-2023-6254
was published
Nov 27, 2023
RVTools, Version 3.9.2 and above, contain a sensitive data exposure vulnerability in the...
High
Unreviewed
CVE-2023-44303
was published
Nov 24, 2023
Incorrect access control in writercms v1.1.0 allows attackers to directly obtain backend account...
High
Unreviewed
CVE-2023-43905
was published
Oct 26, 2023
ProTip!
Advisories are also available from the
GraphQL API