Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,856
Erlang
36
GitHub Actions
36
Go
2,488
Maven
5,000+
npm
4,104
NuGet
735
pip
3,923
Pub
12
RubyGems
945
Rust
1,017
Swift
39
Unreviewed advisories
All unreviewed
5,000+

20 advisories

Loading
XWiki PDF export jobs store sensitive cookies unencrypted in job statuses Moderate
CVE-2025-58049 was published for org.xwiki.platform:xwiki-platform-export-pdf-api (Maven) Aug 28, 2025
An issue was discovered in Commvault before 11.36.60. During the brief window between... Moderate Unreviewed
CVE-2025-57789 was published Aug 20, 2025
RUCKUS Network Director (RND) before 4.5 stores passwords in a recoverable format. Moderate Unreviewed
CVE-2025-44958 was published Aug 4, 2025
The VNC application stores its passwords encrypted within the registry but uses DES for... Moderate Unreviewed
CVE-2025-27459 was published Jul 3, 2025
Storing passwords in a recoverable format issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all... Moderate Unreviewed
CVE-2025-24852 was published Mar 31, 2025
User passwords are decrypted and stored on memory before any user logged in. Those decrypted... Moderate Unreviewed
CVE-2024-32151 was published Nov 26, 2024
A vulnerability in the web-based management interface of Cisco ATA 190 Series Multiplatform... Moderate Unreviewed
CVE-2024-20462 was published Oct 16, 2024
Under certain circumstances the Linux users credentials may be recovered by an authenticated user. Moderate Unreviewed
CVE-2024-32756 was published Jul 2, 2024
Under certain circumstances the web interface users credentials may be recovered by an... Moderate Unreviewed
CVE-2024-32932 was published Jul 2, 2024
The key used to encrypt passwords stored in the database can be found in the CyberPower... Moderate Unreviewed
CVE-2024-32042 was published May 15, 2024
Claris International has successfully resolved an issue of potentially exposing password... Moderate Unreviewed
CVE-2023-42955 was published May 14, 2024
Use of reversible password encryption algorithm allows attackers to decrypt passwords.  Sensitive... Moderate Unreviewed
CVE-2024-3543 was published May 2, 2024
IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in a OpenPages... Moderate Unreviewed
CVE-2023-38738 was published Jan 19, 2024
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0... Moderate Unreviewed
CVE-2023-31001 was published Jan 11, 2024
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.5.0.0 and 9.3.0.4,... Moderate Unreviewed
CVE-2023-2358 was published Sep 27, 2023
Pimcore customers' list user password hash is disclosed Moderate
CVE-2023-2881 was published for pimcore/customer-management-framework-bundle (Composer) May 25, 2023
A Storing Passwords in a Recoverable Format vulnerability in the Schweitzer Engineering... Moderate Unreviewed
CVE-2023-31150 was published May 10, 2023
Affected devices store the CLI user passwords encrypted in flash memory. Attackers with physical... Moderate Unreviewed
CVE-2022-46142 was published Dec 13, 2022
Jenkins Credentials Binding Plugin Stores Passwords in a Recoverable Format Moderate
CVE-2019-1010241 was published for org.jenkins-ci.plugins:credentials-binding (Maven) May 24, 2022
All versions of the Medtronic 2090 Carelink Programmer are affected by a per-product username and... Moderate Unreviewed
CVE-2018-5446 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database