Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

985 advisories

Loading
In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site Moderate Unreviewed
CVE-2024-38505 was published Jun 18, 2024
HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header.  This... Low Unreviewed
CVE-2024-30119 was published Jun 15, 2024
Utilizing default credentials, an attacker is able to log into the camera's operating system... Unknown Unreviewed
CVE-2024-38282 was published Jun 13, 2024
Logs storing credentials are insufficiently protected and can be decoded through the use of open... Unknown Unreviewed
CVE-2024-38285 was published Jun 13, 2024
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions ... Moderate Unreviewed
CVE-2024-35208 was published Jun 11, 2024
Docker CLI leaks private registry credentials to registry-1.docker.io Moderate
CVE-2021-41092 was published for github.com/docker/cli (Go) Jun 10, 2024
GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1... Critical Unreviewed
CVE-2024-37051 was published Jun 10, 2024
Password hash exposed in CraftCMS two factor authentication plugin Low
CVE-2024-5657 was published for born05/craft-twofactorauthentication (Composer) Jun 6, 2024
apko Exposure of HTTP basic auth credentials in log output High
CVE-2024-36127 was published for chainguard.dev/apko (Go) Jun 4, 2024
kolloch
Insufficiently Protected Credentials vulnerability in Baxter Welch Allyn Configuration Tool may... Unknown Unreviewed
CVE-2024-5176 was published May 31, 2024
SimpleSAMLphp exposes credentials in session storage Moderate
GHSA-7wh8-jrq7-p27f was published for simplesamlphp/simplesamlphp (Composer) May 28, 2024
Trivy possibly leaks registry credential when scanning images from malicious registries Moderate
CVE-2024-35192 was published for github.com/aquasecurity/trivy (Go) May 20, 2024
lyoung-confluent
An attacker could potentially intercept credentials via the task manager and perform unauthorized... Moderate Unreviewed
CVE-2024-23583 was published May 18, 2024
Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins Moderate
CVE-2022-31130 was published for github.com/grafana/grafana (Go) May 14, 2024
joaxcar
Insufficiently protected credentials in GE HealthCare EchoPAC products High Unreviewed
CVE-2024-27109 was published May 14, 2024
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All... Moderate Unreviewed
CVE-2024-33496 was published May 14, 2024
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All... Moderate Unreviewed
CVE-2024-33497 was published May 14, 2024
IBM TXSeries for Multiplatforms 8.2 transmits or stores authentication credentials, but it uses... Moderate Unreviewed
CVE-2024-22345 was published May 14, 2024
Database scanning using username and password stores the credentials in plaintext or encoded... Moderate Unreviewed
CVE-2024-23551 was published May 8, 2024
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to escalate their privileges due... High Unreviewed
CVE-2023-37400 was published Apr 19, 2024
Audit records for OpenAPI requests may include sensitive information. This could lead to... High Unreviewed
CVE-2023-6916 was published Apr 10, 2024
Azure Identity Library for .NET Information Disclosure Vulnerability Moderate
CVE-2024-29992 was published for Azure.Identity (NuGet) Apr 9, 2024
scottaddie
A insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0... High Unreviewed
CVE-2023-41677 was published Apr 9, 2024
System->Maintenance-> Log Files in dotCMS dashboard is providing the username/password for... Moderate Unreviewed
CVE-2024-3165 was published Apr 2, 2024
IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication... Moderate Unreviewed
CVE-2023-50311 was published Mar 31, 2024
ProTip! Advisories are also available from the GraphQL API