GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
33 advisories
Filter by severity
[PUNCIA] [CWE-319] Cleartext Transmission of Sensitive Information via HTTP urls in `API_URLS`
Low
CVE-2024-41124
was published
for
puncia
(pip)
Jul 19, 2024
IBM Security Verify Information Queue 10.0.4 and 10.0.5 stores sensitive information in plain...
Low
Unreviewed
CVE-2023-33833
was published
Aug 31, 2023
A vulnerability has been found in MaximaTech Portal Executivo 21.9.1.140 and classified as...
Low
Unreviewed
CVE-2023-4384
was published
Aug 16, 2023
Missing encryption in the RFID tag of Suleve 5-in-1 Smart Door Lock v1.0 allows attackers to...
Low
Unreviewed
CVE-2023-39843
was published
Aug 15, 2023
Missing encryption in the RFID tag of Digoo DG-HAMB Smart Home Security System v1.0 allows...
Low
Unreviewed
CVE-2023-39842
was published
Aug 15, 2023
IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and...
Low
Unreviewed
CVE-2023-33849
was published
Jun 8, 2023
A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed...
Low
Unreviewed
CVE-2020-8173
was published
May 24, 2022
Credentials stored in plain text by Jenkins tfs Plugin
Low
CVE-2020-2249
was published
for
org.jenkins-ci.plugins:tfs
(Maven)
May 24, 2022
Secret stored in plain text by Jenkins Parameterized Remote Trigger Plugin
Low
CVE-2020-2239
was published
for
org.jenkins-ci.plugins:Parameterized-Remote-Trigger
(Maven)
May 24, 2022
For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header....
Low
Unreviewed
CVE-2019-19090
was published
May 24, 2022
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through...
Low
Unreviewed
CVE-2019-4398
was published
May 24, 2022
Diagnostics Agent in Solution Manager, version 7.2, stores several credentials such as SLD user...
Low
Unreviewed
CVE-2019-0307
was published
May 24, 2022
Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan...
Low
Unreviewed
CVE-2018-6674
was published
May 13, 2022
In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices...
Low
Unreviewed
CVE-2018-8864
was published
May 13, 2022
Jenkins IRC Plugin stores credentials in plain text
Low
CVE-2019-1003051
was published
for
org.jvnet.hudson.plugins:ircbot
(Maven)
May 13, 2022
Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials in plain text
Low
CVE-2019-1003052
was published
for
org.jenkins-ci.plugins:aws-beanstalk-publisher-plugin
(Maven)
May 13, 2022
Jenkins Bitbucket Approve Plugin stores credentials in plain text
Low
CVE-2019-1003057
was published
for
org.jenkins-ci.plugins:bitbucket-approve
(Maven)
May 13, 2022
Jenkins OWASP ZAP Plugin stores unencrypted credentials
Low
CVE-2019-1003060
was published
for
org.jenkins-ci.plugins:zap
(Maven)
May 13, 2022
Jenkins veracode-scanner Plugin stores credentials in plain text
Low
CVE-2019-1003070
was published
for
org.jenkins-ci.plugins:veracode-scanner
(Maven)
May 13, 2022
Jenkins FTP publisher Plugin stores credentials in plain text
Low
CVE-2019-1003055
was published
for
org.jvnet.hudson.plugins:ftppublisher
(Maven)
May 13, 2022
Jenkins aws-device-farm Plugin stores credentials in plain text
Low
CVE-2019-1003064
was published
for
org.jenkins-ci.plugins:aws-device-farm
(Maven)
May 13, 2022
Jenkins Aqua Security Scanner Plugin stores credentials in plain text
Low
CVE-2019-1003069
was published
for
org.jenkins-ci.plugins:aqua-security-scanner
(Maven)
May 13, 2022
Jenkins Amazon SNS Build Notifier Plugin stores credentials in plain text
Low
CVE-2019-1003063
was published
for
org.jenkins-ci.plugins:snsnotify
(Maven)
May 13, 2022
Jenkins AWS CloudWatch Logs Publisher Plugin stores credentials in plain text
Low
CVE-2019-1003062
was published
for
org.jenkins-ci.plugins:aws-cloudwatch-logs-publisher
(Maven)
May 13, 2022
Jenkins CloudShare Docker-Machine Plugin stores credentials in plain text
Low
CVE-2019-1003065
was published
for
org.jenkins-ci.plugins:cloudshare-docker
(Maven)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API