GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,587
Composer 4,205
Erlang 31
GitHub Actions 19
Go 1,988
Maven 5,170
npm 3,704
NuGet 661
pip 3,332
Pub 11
RubyGems 884
Rust 845
Swift 36

Unreviewed advisories

All unreviewed 234,189

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

447 advisories

Filter by severity

Sort by

Least recently updated

NVIDIA BMC stores user passwords in an obfuscated form in a database accessible by the host. This... Moderate Unreviewed

CVE-2022-42284 was published Jan 13, 2023

SnapCenter versions prior to 4.5 are susceptible to a vulnerability which could allow a local... Moderate Unreviewed

CVE-2022-23234 was published Mar 17, 2022

An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix... Critical Unreviewed

CVE-2022-26148 was published Mar 22, 2022

3CX System through 2022-03-17 stores cleartext passwords in a database. Moderate Unreviewed

CVE-2021-45491 was published Mar 29, 2022

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F... Moderate Unreviewed

CVE-2022-25160 was published Apr 3, 2022

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F... Critical Unreviewed

CVE-2022-25158 was published Apr 3, 2022

AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to... Moderate Unreviewed

CVE-2022-0835 was published Apr 12, 2022

IBM Security Guardium 10.5 stores user credentials in plain clear text which can be read by a... Moderate Unreviewed

CVE-2021-39078 was published Apr 20, 2022

The /device/signin end-point for the Ourphoto App version 1.4.1 discloses clear-text password... High Unreviewed

CVE-2022-24188 was published Nov 29, 2022

VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account's password locally on the device and... High Unreviewed

CVE-2021-36460 was published Apr 26, 2022

IBM Security Verify Information Queue 1.0.6 and 1.0.7 sends user credentials in plain clear text... Moderate Unreviewed

CVE-2021-20410 was published May 24, 2022

The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a ... High Unreviewed

CVE-2021-28374 was published May 24, 2022

A cleartext storage of sensitive information vulnerability in FortiOS command line interface in... Moderate Unreviewed

CVE-2020-6648 was published May 24, 2022

Cleartext Storage in a File or on Disk in TimelyBills <= 1.7.0 for iOS and versions <= 1.21.115... Moderate Unreviewed

CVE-2021-26833 was published May 24, 2022

E-Series SANtricity OS Controller Software versions 11.40 through 11.70.2 store the LDAP BIND... Moderate Unreviewed

CVE-2022-23236 was published Jun 3, 2022

A vulnerability has been identified in SIMATIC CP 1543-1 (incl. SIPLUS variants) (All versions <... Moderate Unreviewed

CVE-2021-33716 was published May 24, 2022

During installation or upgrade to Software House C•CURE 9000 v2.70 and American Dynamics victor... Moderate Unreviewed

CVE-2020-9045 was published May 24, 2022

** DISPUTED ** FileZilla v3.59.0 allows attackers to obtain cleartext passwords of connected SSH... Moderate Unreviewed

CVE-2022-29620 was published Jun 8, 2022

IBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access... Moderate Unreviewed

CVE-2022-41740 was published Jan 5, 2023

Cleartext storage of sensitive information in multiple versions of Octopus Server where in... High Unreviewed

CVE-2021-30183 was published May 24, 2022

When configuring Octopus Server if it is configured with an external SQL database, on initial... High Unreviewed

CVE-2021-31816 was published May 24, 2022

When configuring Octopus Server if it is configured with an external SQL database, on initial... High Unreviewed

CVE-2021-31817 was published May 24, 2022

RICON Industrial Cellular Router S9922L 16.10.3(3794) is affected by cleartext storage of... Moderate Unreviewed

CVE-2021-36165 was published May 24, 2022

A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been declared as... Moderate Unreviewed

CVE-2017-20040 was published Jun 12, 2022

ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4... High Unreviewed

CVE-2021-45025 was published Jun 18, 2022

Previous 1 2 3 4 5 … 17 18 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

447 advisories