Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,856
Erlang
36
GitHub Actions
36
Go
2,488
Maven
5,000+
npm
4,104
NuGet
735
pip
3,923
Pub
12
RubyGems
945
Rust
1,017
Swift
39
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

328 advisories

Loading
CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized... High Unreviewed
CVE-2023-27975 was published Feb 14, 2024
Networker 19.9 and all prior versions contains a Plain-text Password stored in temporary config... High Unreviewed
CVE-2024-22432 was published Jan 25, 2024
The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords,... High Unreviewed
CVE-2023-6421 was published Jan 1, 2024
Exposure of Proxy Administrator Credentials An authenticated administrator equivalent Filr user... High Unreviewed
CVE-2023-32268 was published Dec 6, 2023
A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text... High Unreviewed
CVE-2023-6254 was published Nov 27, 2023
RVTools, Version 3.9.2 and above, contain a sensitive data exposure vulnerability in the... High Unreviewed
CVE-2023-44303 was published Nov 24, 2023
Incorrect access control in writercms v1.1.0 allows attackers to directly obtain backend account... High Unreviewed
CVE-2023-43905 was published Oct 26, 2023
A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers... High Unreviewed
CVE-2023-5552 was published Oct 18, 2023
BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to... High Unreviewed
CVE-2022-44757 was published Oct 11, 2023
On boot, the Pillar eve container checks for the existence and content of “/config... High Unreviewed
CVE-2023-43631 was published Sep 21, 2023
On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig... High Unreviewed
CVE-2023-43633 was published Sep 21, 2023
When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are... High Unreviewed
CVE-2023-43634 was published Sep 21, 2023
PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was... High Unreviewed
CVE-2023-43630 was published Sep 20, 2023
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient... High Unreviewed
CVE-2023-25532 was published Sep 20, 2023
Plaintext Storage of a Password vulnerability in Infodrom Software E-Invoice Approval System... High Unreviewed
CVE-2023-35067 was published Jul 25, 2023
Weintek Weincloud v0.13.6 could allow an attacker to abuse the registration functionality to... High Unreviewed
CVE-2023-37362 was published Jul 20, 2023
An issue found in DERICIA Co. Ltd, DELICIA v.13.6.1 allows a remote attacker to gain access to... High Unreviewed
CVE-2023-31824 was published Jul 13, 2023
An issue was discovered in cmseasy v7.0.0 that allows user credentials to be sent in clear text... High Unreviewed
CVE-2020-18406 was published Jun 27, 2023
The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password... High Unreviewed
CVE-2022-47376 was published Jun 13, 2023
The local Vuforia web application does not support HTTPS, and federated credentials are passed... High Unreviewed
CVE-2023-29168 was published Jun 8, 2023
IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it... High Unreviewed
CVE-2023-22862 was published Jun 5, 2023
After downloading a Windows <code>.scf</code> script from the local filesystem, an attacker could... High Unreviewed
CVE-2023-25740 was published Jun 2, 2023
In WFTPD 3.25, usernames and password hashes are stored in an openly viewable wftpd.ini... High Unreviewed
CVE-2023-33263 was published May 25, 2023
Milesight NCR/camera version 71.8.0.6-r5 exposes credentials through an unspecified request. ... High Unreviewed
CVE-2023-24506 was published May 8, 2023
Plaintext Password in Registry vulnerability in 42gears surelock windows surelockwinsetupv2.40... High Unreviewed
CVE-2023-2335 was published Apr 27, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database