GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
988 advisories
Filter by severity
The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password...
High
Unreviewed
CVE-2022-47376
was published
Jun 13, 2023
GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its communications which...
Moderate
Unreviewed
CVE-2023-33620
was published
Jun 13, 2023
A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all...
Critical
Unreviewed
CVE-2023-26204
was published
Jun 13, 2023
The local Vuforia web application does not support HTTPS, and federated credentials are passed...
High
Unreviewed
CVE-2023-29168
was published
Jun 8, 2023
The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build...
Moderate
Unreviewed
CVE-2023-27126
was published
Jun 6, 2023
IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it...
High
Unreviewed
CVE-2023-22862
was published
Jun 5, 2023
Avaya IX Workforce Engagement v15.2.7.1195 - CWE-522: Insufficiently Protected Credentials
Moderate
Unreviewed
CVE-2023-31187
was published
May 30, 2023
In WFTPD 3.25, usernames and password hashes are stored in an openly viewable wftpd.ini...
High
Unreviewed
CVE-2023-33263
was published
May 25, 2023
Pimcore customers' list user password hash is disclosed
Moderate
CVE-2023-2881
was published
for
pimcore/customer-management-framework-bundle
(Composer)
May 25, 2023
Hazelcast vulnerable to unmasked password exposure
Moderate
CVE-2023-33264
was published
for
com.hazelcast:hazelcast
(Maven)
May 22, 2023
Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13),IJ Network Tool...
Moderate
Unreviewed
CVE-2023-1763
was published
May 17, 2023
Jenkins NS-ND Integration Performance Publisher Plugin displays credentials without masking
Low
CVE-2023-33000
was published
for
io.jenkins.plugins:cavisson-ns-nd-integration
(Maven)
May 16, 2023
Jenkins Code Dx Plugin displays API keys in plain text
Moderate
CVE-2023-2633
was published
for
org.jenkins-ci.plugins:codedx
(Maven)
May 16, 2023
Jenkins Code Dx Plugin stores API keys in plain text
Moderate
CVE-2023-2632
was published
for
org.jenkins-ci.plugins:codedx
(Maven)
May 16, 2023
An Information disclosure vulnerability in /be/rpc.php in Jedox GmbH Jedox 2020.2.5 allow remote,...
Moderate
Unreviewed
CVE-2022-47880
was published
May 12, 2023
PostgresNIO processes unencrypted bytes from man-in-the-middle
Low
CVE-2023-31136
was published
for
github.com/vapor/postgres-nio
(Swift)
May 10, 2023
Insufficiently protected credentials in the Intel(R) DCM software before version 5.0.1 may allow...
Moderate
Unreviewed
CVE-2022-40685
was published
May 10, 2023
SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive...
Moderate
Unreviewed
CVE-2023-28764
was published
May 9, 2023
Milesight NCR/camera version 71.8.0.6-r5 exposes credentials through an unspecified request.
...
High
Unreviewed
CVE-2023-24506
was published
May 8, 2023
An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4...
Moderate
Unreviewed
CVE-2022-45859
was published
May 4, 2023
A valid, authenticated administrative user can query a web interface API to reveal the configured...
Moderate
Unreviewed
CVE-2023-25495
was published
Apr 29, 2023
Plaintext Password in Registry
vulnerability in 42gears surelock windows surelockwinsetupv2.40...
High
Unreviewed
CVE-2023-2335
was published
Apr 27, 2023
Potential leak of authentication data to 3rd parties
Critical
CVE-2023-30846
was published
for
typed-rest-client
(npm)
Apr 27, 2023
This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 ...
Critical
Unreviewed
CVE-2023-1778
was published
Apr 27, 2023
Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) places AMPDBUSER, AMPDBPASS,...
High
Unreviewed
CVE-2023-26567
was published
Apr 26, 2023
ProTip!
Advisories are also available from the
GraphQL API