GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
164 advisories
Filter by severity
IBM Resilient SOAR V38.0 could allow a local privileged attacker to obtain sensitive information...
Moderate
Unreviewed
CVE-2021-20567
was published
May 24, 2022
Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre...
Moderate
Unreviewed
CVE-2021-23211
was published
May 24, 2022
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information,...
Moderate
Unreviewed
CVE-2019-4471
was published
May 24, 2022
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in (GTA) GoToAppliance...
Moderate
Unreviewed
CVE-2020-29024
was published
May 24, 2022
IBM Security Guardium Insights 2.0.2 does not set the secure attribute on authorization tokens or...
Moderate
Unreviewed
CVE-2020-4597
was published
May 24, 2022
SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted.
Moderate
Unreviewed
CVE-2020-35658
was published
May 24, 2022
SAP AS JAVA (Key Storage Service), versions - 7.10, 7.11, 7.20 ,7.30, 7.31, 7.40, 7.50, has the...
Moderate
Unreviewed
CVE-2020-26816
was published
May 24, 2022
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all...
Moderate
Unreviewed
CVE-2020-7567
was published
May 24, 2022
A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption...
Moderate
Unreviewed
CVE-2020-8150
was published
May 24, 2022
Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the...
Moderate
Unreviewed
CVE-2020-27650
was published
May 24, 2022
On Juniper Networks SRX Series and NFX Series, a local authenticated user with access to the...
Moderate
Unreviewed
CVE-2020-1688
was published
May 24, 2022
An issue was discovered in Gradle Enterprise before 2020.2.5. Lack of the secure attribute on the...
Moderate
Unreviewed
CVE-2020-15767
was published
May 24, 2022
Passwords stored in plain text by Jenkins ReadyAPI Functional Testing Plugin
Moderate
CVE-2020-2250
was published
for
org.jenkins-ci.plugins:soapui-pro-functional-testing
(Maven)
May 24, 2022
If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH...
Moderate
Unreviewed
CVE-2020-12398
was published
May 24, 2022
SolarWinds Serv-U File Server before 15.2.1 mishandles the Same-Site cookie attribute, aka Case...
Moderate
Unreviewed
CVE-2020-15574
was published
May 24, 2022
Nordic Semiconductor Android BLE Library through 2.2.1 and DFU Library through 1.10.4 for Android...
Moderate
Unreviewed
CVE-2020-15509
was published
May 24, 2022
In Argent RecoveryManager before 0xdc350d09f71c48c5D22fBE2741e4d6A03970E192, the executeRecovery...
Moderate
Unreviewed
CVE-2020-15302
was published
May 24, 2022
If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted....
Moderate
Unreviewed
CVE-2020-12801
was published
May 24, 2022
An issue was discovered in Ignite Realtime Spark 2.8.3 (and the ROAR plugin for it) on Windows. A...
Moderate
Unreviewed
CVE-2020-12772
was published
May 24, 2022
OpenStack Keystone does not check signature TTL of the EC2 credential auth method
Moderate
CVE-2020-12692
was published
for
keystone
(pip)
May 24, 2022
On BIG-IP ASM 11.6.1-11.6.5.1, under certain configurations, the BIG-IP system sends data plane...
Moderate
Unreviewed
CVE-2020-5879
was published
May 24, 2022
In JetBrains GoLand before 2019.3.2, the plugin repository was accessed via HTTP instead of HTTPS.
Moderate
Unreviewed
CVE-2020-11685
was published
May 24, 2022
Users can lock their notes with a password in Memono version 3.8. Thus, users needs to know a...
Moderate
Unreviewed
CVE-2020-11826
was published
May 24, 2022
A CSRF token disclosure vulnerability allows a remote attacker, with access to an authenticated...
Moderate
Unreviewed
CVE-2019-18376
was published
May 24, 2022
Arm Mbed TLS before 2.6.15 allows attackers to obtain sensitive information (an RSA private key)...
Moderate
Unreviewed
CVE-2020-10941
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API