GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,050 advisories
Filter by severity
An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to...
Moderate
Unreviewed
CVE-2023-29447
was published
Jan 10, 2024
The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords,...
High
Unreviewed
CVE-2023-6421
was published
Jan 1, 2024
In Network Element Manager in NOKIA NFM-T R19.9, an Unprotected Storage of Credentials...
Moderate
Unreviewed
CVE-2022-39820
was published
Dec 25, 2023
IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text...
Moderate
Unreviewed
CVE-2023-47741
was published
Dec 18, 2023
A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an...
Moderate
Unreviewed
CVE-2023-6791
was published
Dec 13, 2023
Password stored in a recoverable format by Jenkins OpenId Connect Authentication Plugin
Moderate
CVE-2023-50770
was published
for
org.jenkins-ci.plugins:oic-auth
(Maven)
Dec 13, 2023
IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be...
Moderate
Unreviewed
CVE-2023-47722
was published
Dec 9, 2023
Exposure of Proxy Administrator Credentials
An authenticated administrator equivalent Filr user...
High
Unreviewed
CVE-2023-32268
was published
Dec 6, 2023
Data leak of password hash through change requests
High
CVE-2023-49280
was published
for
org.xwiki.contrib.changerequest:application-changerequest-default
(Maven)
Dec 5, 2023
An Insecure Credential Management issue discovered in Connectize AC21000 G6 641.139.1.1256 allows...
Moderate
Unreviewed
CVE-2023-24047
was published
Dec 5, 2023
Dell DM5500 5.14.0.0, contain a Plain-text Password Storage Vulnerability in PPOE. A local...
Moderate
Unreviewed
CVE-2023-44300
was published
Dec 4, 2023
Jenkins Jira Plugin vulnerable to exposure of system-scoped credentials
Moderate
CVE-2023-49653
was published
for
org.jenkins-ci.plugins:jira
(Maven)
Nov 29, 2023
A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text...
High
Unreviewed
CVE-2023-6254
was published
Nov 27, 2023
RVTools, Version 3.9.2 and above, contain a sensitive data exposure vulnerability in the...
High
Unreviewed
CVE-2023-44303
was published
Nov 24, 2023
An exposure of sensitive information to an unauthorized actor [CWE-200] in FortiSIEM version 7.0...
Moderate
Unreviewed
CVE-2023-41676
was published
Nov 14, 2023
The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and...
Moderate
Unreviewed
CVE-2023-26221
was published
Nov 8, 2023
An issue was discovered in eGroupWare 17.1.20190111. An Improper Password Storage vulnerability...
Moderate
Unreviewed
CVE-2023-38328
was published
Oct 27, 2023
Incorrect LDAP ACLs in ucs-school-ldap-acls-master in UCS@school before 4.4v5-errata allow remote...
Moderate
Unreviewed
CVE-2020-17477
was published
Oct 26, 2023
Incorrect access control in writercms v1.1.0 allows attackers to directly obtain backend account...
High
Unreviewed
CVE-2023-43905
was published
Oct 26, 2023
Jenkins Warnings Plugin exposures system-scoped credentials
Moderate
CVE-2023-46651
was published
for
io.jenkins.plugins:warnings-ng
(Maven)
Oct 25, 2023
Tauri's Updater Private Keys Possibly Leaked via Vite Environment Variables
High
CVE-2023-46115
was published
for
@tauri-apps/cli
(npm)
Oct 20, 2023
A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers...
High
Unreviewed
CVE-2023-5552
was published
Oct 18, 2023
TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source...
Critical
Unreviewed
CVE-2023-27132
was published
Oct 17, 2023
Eaton easySoft software is used to program easy controllers and displays for configuring,...
Moderate
Unreviewed
CVE-2023-43777
was published
Oct 17, 2023
SnapGathers versions prior to 4.9 are susceptible to a vulnerability
which could allow a local...
Moderate
Unreviewed
CVE-2023-27315
was published
Oct 12, 2023
ProTip!
Advisories are also available from the
GraphQL API