GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
287 advisories
Kieback & Peter's DDC4000 series has an insufficiently protected credentials vulnerability, which...
High | Unreviewed | CVE-2024-43812 was published Oct 23, 2024

The EWON FLEXY 202 transmits credentials using a weak encoding method base64. An attacker who is...
High | Unreviewed | CVE-2024-7755 was published Oct 17, 2024

The affected product is vulnerable due to insufficiently protected credentials, which may allow...
High | Unreviewed | CVE-2024-49396 was published Oct 17, 2024

A vulnerability in the storage method of the PON Controller configuration file could allow an...
High | Unreviewed | CVE-2024-20489 was published Sep 11, 2024

IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it...
High | Unreviewed | CVE-2023-22862 was published Jun 5, 2023

An issue in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physically proximate attacker to...
High | Unreviewed | CVE-2024-44815 was published Sep 10, 2024

OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized...
High | Unreviewed | CVE-2024-8777 was published Sep 16, 2024

Audit records for OpenAPI requests may include sensitive information. This could lead to...
High | Unreviewed | CVE-2023-6916 was published Apr 10, 2024

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8,...
High | Unreviewed | CVE-2024-28981 was published Sep 12, 2024

A series of related high-severity vulnerabilities, the most notable enabling remote code...
High | Unreviewed | CVE-2024-40710 was published Sep 7, 2024

Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated...
High | Unreviewed | CVE-2024-39818 was published Aug 14, 2024

The Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all...
High | Unreviewed | CVE-2024-7389 was published Aug 2, 2024

Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access...
High | Unreviewed | CVE-1999-0013 was published Apr 30, 2022

Insecure storage of the ICT MIFARE and DESFire encryption keys in the firmware binary allows...
High | Unreviewed | CVE-2024-29941 was published May 7, 2024

An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It performs...
High | Unreviewed | CVE-2019-20470 was published May 24, 2022

Siklu TG Terragraph devices before 2.1.1 allow attackers to discover valid, randomly generated...
High | Unreviewed | CVE-2022-47037 was published Mar 18, 2024

An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25. Authentication to the...
High | Unreviewed | CVE-2020-11925 was published May 24, 2022

Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an...
High | Unreviewed | CVE-2020-29583 was published May 24, 2022

The Avalara for Salesforce CPQ app before 7.0 for Salesforce allows attackers to read an API key....
High | Unreviewed | CVE-2024-38453 was published Jul 3, 2024

The webserver utilizes basic authentication for its user login to the configuration interface. As...
High | Unreviewed | CVE-2023-41926 was published Jul 2, 2024

An information disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker...
High | Unreviewed | CVE-2021-40655 was published May 24, 2022

Insufficiently protected credentials in GE HealthCare EchoPAC products
High | Unreviewed | CVE-2024-27109 was published May 14, 2024

IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to escalate their privileges due...
High | Unreviewed | CVE-2023-37400 was published Apr 19, 2024

An insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0...
High | Unreviewed | CVE-2023-41677 was published Apr 9, 2024

An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules
High | Unreviewed | CVE-2023-28089 was published Apr 25, 2023
ProTip! Advisories are also available from the GraphQL API