Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,051 advisories

Loading
Information disclosure through error object in auth0.js High
CVE-2020-5263 was published for auth0-js (npm) Apr 10, 2020
Client TLS credentials sent raw to server in npm package nats Critical
GHSA-prmc-5v5w-c465 was published for nats (npm) Apr 6, 2021
Under some circumstances an Insufficiently Protected Credentials vulnerability in Johnson... High Unreviewed
CVE-2021-36204 was published Jan 13, 2023
Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who... Moderate Unreviewed
CVE-2022-34837 was published Aug 25, 2022
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a... Moderate Unreviewed
CVE-2020-25184 was published Mar 19, 2022
McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a local attacker to... Moderate Unreviewed
CVE-2022-0859 was published Mar 24, 2022
An issue has been discovered in GitLab affecting all versions starting from 14.6 before 14.6.5,... High Unreviewed
CVE-2022-0738 was published Mar 29, 2022
There is a Credentials Management Errors vulnerability in Huawei Smartphone.Successful... High Unreviewed
CVE-2021-37075 was published Dec 9, 2021
The Archer RSS feed integration for Archer 6.x through 6.9 SP1 (6.9.1.0) is affected by an... High Unreviewed
CVE-2022-26948 was published Mar 31, 2022
Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose... High Unreviewed
CVE-2022-1026 was published Apr 5, 2022
Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on... High Unreviewed
CVE-2022-24978 was published Apr 6, 2022
The programming protocol allows for a previously entered password and lock state to be read by an... High Unreviewed
CVE-2021-32978 was published Apr 5, 2022
An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is storage of Passwords in a... Moderate Unreviewed
CVE-2021-45892 was published Apr 6, 2022
Philips Vue PACS versions 12.2.x.x and prior transmits or stores authentication credentials, but... High Unreviewed
CVE-2021-33024 was published Apr 3, 2022
In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected fields Moderate Unreviewed
CVE-2022-28651 was published Apr 6, 2022
Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive information in plaintext. All... High Unreviewed
CVE-2021-45077 was published Dec 31, 2021
Netgear RAX43 version 1.0.3.96 does not have sufficient protections to the UART interface. A... High Unreviewed
CVE-2021-20168 was published Dec 31, 2021
Private key stored in plain text by Jenkins Google Compute Engine Plugin Moderate
CVE-2022-29052 was published for org.jenkins-ci.plugins:google-compute-engine (Maven) Apr 13, 2022
NotMyFault
Dell PowerScale OneFS, versions 8.2.2 and above, contain a password disclosure vulnerability. An... Moderate Unreviewed
CVE-2022-22550 was published Apr 13, 2022
Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701,... High Unreviewed
CVE-2022-29457 was published Apr 19, 2022
IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a remote attacker to obtain... Moderate Unreviewed
CVE-2021-39026 was published Feb 19, 2022
A flaw was found in Ansible Galaxy Collections. When collections are built manually, any files in... Moderate Unreviewed
CVE-2021-3681 was published Apr 19, 2022
Dell EMC Repository Manager version 3.4.0 contains a plain-text password storage vulnerability. A... High Unreviewed
CVE-2022-26856 was published Apr 22, 2022
IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a... Moderate Unreviewed
CVE-2022-41732 was published Nov 28, 2022
In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin. High
CVE-2021-45457 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database