GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 19,388
Composer 3,968
Erlang 29
GitHub Actions 16
Go 1,752
Maven 4,982
npm 3,516
NuGet 609
pip 3,090
Pub 10
RubyGems 832
Rust 782
Swift 34

Unreviewed advisories

All unreviewed 221,456

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

110 advisories

Filter by severity

Sort by

Least recently updated

Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec Moderate

CVE-2024-22032 was published for github.com/rancher/rancher (Go) Jun 17, 2024

Coredump binaries in Toshiba printers have incorrect permissions. A local attacker can steal... High Unreviewed

CVE-2024-27166 was published Jun 14, 2024

IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by... Moderate Unreviewed

CVE-2024-25052 was published Jun 13, 2024

This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version ... Unknown Unreviewed

CVE-2024-4232 was published May 14, 2024

TYPO3 Information Disclosure in User Authentication Moderate

GHSA-wj85-rg5g-v8jm was published for typo3/cms-core (Composer) May 30, 2024

The access control in CemiPark software stores integration (e.g. FTP or SIP) credentials in plain... Unknown Unreviewed

CVE-2024-4425 was published May 14, 2024

Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage... Low Unreviewed

CVE-2024-28971 was published May 8, 2024

Dell OpenManage Enterprise, versions 4.0.0 and 4.0.1, contains a sensitive information disclosure... Moderate Unreviewed

CVE-2024-28961 was published Apr 29, 2024

A flaw was found when using mirror-registry to install Quay. It uses a default database secret... High Unreviewed

CVE-2024-3623 was published Apr 25, 2024

A flaw was found when using mirror-registry to install Quay. It uses a default secret, which is... High Unreviewed

CVE-2024-3622 was published Apr 25, 2024

A flaw was found in how Quay's database is stored in plain-text in mirror-registry on the jinja's... High Unreviewed

CVE-2024-3624 was published Apr 25, 2024

A flaw was found in Quay, where Quay's database is stored in plain text in mirror-registry on... High Unreviewed

CVE-2024-3625 was published Apr 25, 2024

Eaton easySoft software is used to program easy controllers and displays for configuring,... Moderate Unreviewed

CVE-2023-43777 was published Oct 17, 2023

SnapGathers versions prior to 4.9 are susceptible to a vulnerability which could allow a local... Moderate Unreviewed

CVE-2023-27315 was published Oct 12, 2023

A flaw was found in OpenStack. Multiple components show plain-text passwords in /var/log/messages... High Unreviewed

CVE-2022-3261 was published Sep 15, 2023

A password management vulnerability in Skyhigh Secure Web Gateway (SWG) in main releases 11.x... Moderate Unreviewed

CVE-2023-4400 was published Sep 13, 2023

?Softneta MedDream PACS stores usernames and passwords in plaintext. The plaintext storage could... High Unreviewed

CVE-2023-39227 was published Sep 11, 2023

Plaintext Storage of a Password vulnerability in Infodrom Software E-Invoice Approval System... High Unreviewed

CVE-2023-35067 was published Jul 25, 2023

PiiGAB M-Bus stores credentials in a plaintext file, which could allow a low-level user... Moderate Unreviewed

CVE-2023-35765 was published Jul 7, 2023

Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior store passwords in a plaintext file... Moderate Unreviewed

CVE-2023-22389 was published Jul 6, 2023

?All versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in... Moderate Unreviewed

CVE-2023-3395 was published Jul 3, 2023

A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all... Critical Unreviewed

CVE-2023-26204 was published Jun 13, 2023

The Dataprobe cloud usernames and passwords are stored in plain text in a specific file. Any user... Moderate Unreviewed

CVE-2022-4945 was published May 23, 2023

Plaintext Storage of a Password vulnerability in Secomea GateManager (USB wizard) allows... High Unreviewed

CVE-2022-4308 was published Apr 19, 2023

A vulnerability that stores IMSI values in an improper path prior to SMR APR-2021 Release 1... Low Unreviewed

CVE-2021-25358 was published May 24, 2022

Previous 1 2 3 4 5 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

110 advisories