GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
451 advisories
Filter by severity
Dell CloudIQ Collector version 1.10.2 contains a missing encryption of sensitive data...
High
Unreviewed
CVE-2023-28045
was published
May 19, 2023
Jenkins Ansible Plugin stores and displays secrets in plain text
Moderate
CVE-2023-32982
was published
for
org.jenkins-ci.plugins:ansible
(Maven)
May 16, 2023
AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific...
Moderate
Unreviewed
CVE-2023-21404
was published
May 8, 2023
The myMail app through 14.30 for iOS sends cleartext credentials in a situation where STARTTLS is...
High
Unreviewed
CVE-2023-32290
was published
May 7, 2023
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is unsecured read access...
Moderate
Unreviewed
CVE-2023-22948
was published
Apr 13, 2023
Yellobrik PEC-1864 implements authentication checks via javascript in the frontend interface....
Critical
Unreviewed
CVE-2023-0750
was published
Apr 6, 2023
Docker Swarm encrypted overlay network traffic may be unencrypted
Moderate
CVE-2023-28841
was published
for
github.com/docker/docker
(Go)
Apr 4, 2023
A cleartext transmission vulnerability exists in the Remote Management functionality of Netgear...
Moderate
Unreviewed
CVE-2022-38458
was published
Mar 21, 2023
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls...
Moderate
Unreviewed
CVE-2022-21940
was published
Feb 9, 2023
In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers therefore...
Moderate
Unreviewed
CVE-2023-23127
was published
Feb 1, 2023
In Last Yard 22.09.8-1, the cookie can be stolen via via unencrypted traffic.
Moderate
Unreviewed
CVE-2022-47715
was published
Feb 1, 2023
Macaron csrf missing encryption and has sensitive cookies in HTTP session without secure attribute
High
CVE-2018-25060
was published
for
github.com/go-macaron/csrf
(Go)
Dec 30, 2022
Noise vulnerable to denial of service
High
CVE-2021-4239
was published
for
github.com/flynn/noise
(Go)
Dec 28, 2022
usememos/memos missing Secure cookie attribute
Moderate
CVE-2022-4683
was published
for
github.com/usememos/memos
(Go)
Dec 23, 2022
phpMyFAQ has insecure HTTP cookies
High
CVE-2022-4409
was published
for
thorsten/phpmyfaq
(Composer)
Dec 11, 2022
Dashlane password and Keepass Server password in My Account Settings are not encrypted in the...
Moderate
Unreviewed
CVE-2022-3781
was published
Nov 2, 2022
The application was vulnerable to an authenticated information disclosure, allowing...
Moderate
Unreviewed
CVE-2022-40295
was published
Nov 1, 2022
Missing AES encryption in Corsair K63 Wireless 3.1.3 allows physically proximate attackers to...
Moderate
Unreviewed
CVE-2022-35860
was published
Oct 19, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess.
Moderate
Unreviewed
CVE-2020-15330
was published
Sep 30, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc...
Critical
Unreviewed
CVE-2020-15331
was published
Sep 30, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user API.
Moderate
Unreviewed
CVE-2020-15342
was published
Sep 30, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API with the CLOUDCNM key.
Moderate
Unreviewed
CVE-2020-15346
was published
Sep 30, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user_key API.
Moderate
Unreviewed
CVE-2020-15343
was published
Sep 30, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_instances_for_update API.
Moderate
Unreviewed
CVE-2020-15345
was published
Sep 30, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_user_id_and_key API.
Moderate
Unreviewed
CVE-2020-15344
was published
Sep 30, 2022
ProTip!
Advisories are also available from the
GraphQL API