GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
985 advisories
Filter by severity
In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site
Moderate
Unreviewed
CVE-2024-38505
was published
Jun 18, 2024
HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header. This...
Low
Unreviewed
CVE-2024-30119
was published
Jun 15, 2024
Utilizing default credentials, an attacker is able to log into the camera's operating system...
Unknown
Unreviewed
CVE-2024-38282
was published
Jun 13, 2024
Logs storing credentials are insufficiently protected and can be decoded through the use of open...
Unknown
Unreviewed
CVE-2024-38285
was published
Jun 13, 2024
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions ...
Moderate
Unreviewed
CVE-2024-35208
was published
Jun 11, 2024
Docker CLI leaks private registry credentials to registry-1.docker.io
Moderate
CVE-2021-41092
was published
for
github.com/docker/cli
(Go)
Jun 10, 2024
GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1...
Critical
Unreviewed
CVE-2024-37051
was published
Jun 10, 2024
Password hash exposed in CraftCMS two factor authentication plugin
Low
CVE-2024-5657
was published
for
born05/craft-twofactorauthentication
(Composer)
Jun 6, 2024
apko Exposure of HTTP basic auth credentials in log output
High
CVE-2024-36127
was published
for
chainguard.dev/apko
(Go)
Jun 4, 2024
Insufficiently Protected Credentials vulnerability in Baxter Welch Allyn Configuration Tool may...
Unknown
Unreviewed
CVE-2024-5176
was published
May 31, 2024
SimpleSAMLphp exposes credentials in session storage
Moderate
GHSA-7wh8-jrq7-p27f
was published
for
simplesamlphp/simplesamlphp
(Composer)
May 28, 2024
Trivy possibly leaks registry credential when scanning images from malicious registries
Moderate
CVE-2024-35192
was published
for
github.com/aquasecurity/trivy
(Go)
May 20, 2024
An attacker could potentially intercept credentials via the task manager and perform unauthorized...
Moderate
Unreviewed
CVE-2024-23583
was published
May 18, 2024
Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
Moderate
CVE-2022-31130
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Insufficiently protected credentials in GE HealthCare EchoPAC products
High
Unreviewed
CVE-2024-27109
was published
May 14, 2024
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All...
Moderate
Unreviewed
CVE-2024-33496
was published
May 14, 2024
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All...
Moderate
Unreviewed
CVE-2024-33497
was published
May 14, 2024
IBM TXSeries for Multiplatforms 8.2 transmits or stores authentication credentials, but it uses...
Moderate
Unreviewed
CVE-2024-22345
was published
May 14, 2024
Database scanning using username and password stores the credentials in plaintext or encoded...
Moderate
Unreviewed
CVE-2024-23551
was published
May 8, 2024
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to escalate their privileges due...
High
Unreviewed
CVE-2023-37400
was published
Apr 19, 2024
Audit records for OpenAPI requests may include sensitive information.
This could lead to...
High
Unreviewed
CVE-2023-6916
was published
Apr 10, 2024
Azure Identity Library for .NET Information Disclosure Vulnerability
Moderate
CVE-2024-29992
was published
for
Azure.Identity
(NuGet)
Apr 9, 2024
A insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0...
High
Unreviewed
CVE-2023-41677
was published
Apr 9, 2024
System->Maintenance-> Log Files in dotCMS dashboard is providing the username/password for...
Moderate
Unreviewed
CVE-2024-3165
was published
Apr 2, 2024
IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication...
Moderate
Unreviewed
CVE-2023-50311
was published
Mar 31, 2024
ProTip!
Advisories are also available from the
GraphQL API