GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
110 advisories
Filter by severity
Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec
Moderate
CVE-2024-22032
was published
for
github.com/rancher/rancher
(Go)
Jun 17, 2024
Coredump binaries in Toshiba printers have incorrect permissions. A local attacker can steal...
High
Unreviewed
CVE-2024-27166
was published
Jun 14, 2024
IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by...
Moderate
Unreviewed
CVE-2024-25052
was published
Jun 13, 2024
This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version ...
Unknown
Unreviewed
CVE-2024-4232
was published
May 14, 2024
TYPO3 Information Disclosure in User Authentication
Moderate
GHSA-wj85-rg5g-v8jm
was published
for
typo3/cms-core
(Composer)
May 30, 2024
The access control in CemiPark software stores integration (e.g. FTP or SIP) credentials in plain...
Unknown
Unreviewed
CVE-2024-4425
was published
May 14, 2024
Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage...
Low
Unreviewed
CVE-2024-28971
was published
May 8, 2024
Dell OpenManage Enterprise, versions 4.0.0 and 4.0.1, contains a sensitive information disclosure...
Moderate
Unreviewed
CVE-2024-28961
was published
Apr 29, 2024
A flaw was found when using mirror-registry to install Quay. It uses a default database secret...
High
Unreviewed
CVE-2024-3623
was published
Apr 25, 2024
A flaw was found when using mirror-registry to install Quay. It uses a default secret, which is...
High
Unreviewed
CVE-2024-3622
was published
Apr 25, 2024
A flaw was found in how Quay's database is stored in plain-text in mirror-registry on the jinja's...
High
Unreviewed
CVE-2024-3624
was published
Apr 25, 2024
A flaw was found in Quay, where Quay's database is stored in plain text in mirror-registry on...
High
Unreviewed
CVE-2024-3625
was published
Apr 25, 2024
Eaton easySoft software is used to program easy controllers and displays for configuring,...
Moderate
Unreviewed
CVE-2023-43777
was published
Oct 17, 2023
SnapGathers versions prior to 4.9 are susceptible to a vulnerability
which could allow a local...
Moderate
Unreviewed
CVE-2023-27315
was published
Oct 12, 2023
A flaw was found in OpenStack. Multiple components show plain-text passwords in /var/log/messages...
High
Unreviewed
CVE-2022-3261
was published
Sep 15, 2023
A password management vulnerability in Skyhigh Secure Web Gateway (SWG) in main releases 11.x...
Moderate
Unreviewed
CVE-2023-4400
was published
Sep 13, 2023
?Softneta MedDream PACS stores usernames and passwords in plaintext. The plaintext storage could...
High
Unreviewed
CVE-2023-39227
was published
Sep 11, 2023
Plaintext Storage of a Password vulnerability in Infodrom Software E-Invoice Approval System...
High
Unreviewed
CVE-2023-35067
was published
Jul 25, 2023
PiiGAB M-Bus stores credentials in a plaintext file, which could allow a low-level user...
Moderate
Unreviewed
CVE-2023-35765
was published
Jul 7, 2023
Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior store passwords in a plaintext file...
Moderate
Unreviewed
CVE-2023-22389
was published
Jul 6, 2023
?All versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in...
Moderate
Unreviewed
CVE-2023-3395
was published
Jul 3, 2023
A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all...
Critical
Unreviewed
CVE-2023-26204
was published
Jun 13, 2023
The Dataprobe cloud usernames and passwords are stored in plain text in a specific file. Any user...
Moderate
Unreviewed
CVE-2022-4945
was published
May 23, 2023
Plaintext Storage of a Password vulnerability in Secomea GateManager (USB wizard) allows...
High
Unreviewed
CVE-2022-4308
was published
Apr 19, 2023
A vulnerability that stores IMSI values in an improper path prior to SMR APR-2021 Release 1...
Low
Unreviewed
CVE-2021-25358
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API