GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
161 advisories
Filter by severity
LOYTEC electronics GmbH LINX-212 6.2.4 and LINX-151 7.2.4 are vulnerable to Insecure Permissions...
High
Unreviewed
CVE-2023-46388
was published
Dec 1, 2023
Zentao Biz version 8.7 and before is vulnerable to Information Disclosure.
High
Unreviewed
CVE-2023-46376
was published
Oct 27, 2023
Nautobot vulnerable to exposure of hashed user passwords via REST API
High
CVE-2023-46128
was published
for
nautobot
(pip)
Oct 24, 2023
An issue in ZPE Systems, Inc Nodegrid OS v.5.8.10 thru v.5.8.13 and v.5.10.3 thru v.5.10.5 allows...
High
Unreviewed
CVE-2023-44037
was published
Oct 14, 2023
The
firmwaredownload command on Brocade Fabric OS v9.2.0 could log the
FTP/SFTP/SCP server...
High
Unreviewed
CVE-2023-3489
was published
Aug 31, 2023
An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. System...
High
Unreviewed
CVE-2023-31041
was published
Aug 14, 2023
Fujitsu Software Infrastructure Manager (ISM) stores sensitive information at the product's...
High
Unreviewed
CVE-2023-39379
was published
Aug 4, 2023
Assmann Digitus Plug&View IP Camera family allows unauthenticated attackers to download a copy of...
High
Unreviewed
CVE-2023-30146
was published
Aug 4, 2023
Element55 KnowMore appliances version 21 and older was discovered to store passwords in plaintext.
High
Unreviewed
CVE-2023-39144
was published
Aug 3, 2023
TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Cleartext Storage of Sensitive...
High
Unreviewed
CVE-2023-33742
was published
Jul 27, 2023
mRemoteNG configuration files can be stored in an encrypted state on disk. mRemoteNG version <=...
High
Unreviewed
CVE-2023-30367
was published
Jul 26, 2023
Weave GitOps Terraform Controller Information Disclosure Vulnerability
High
CVE-2023-34236
was published
for
github.com/weaveworks/tf-controller
(Go)
Jul 14, 2023
An issue found in ALBIS Co. ALBIS v.13.6.1 allows a remote attacker to gain access to sensitive...
High
Unreviewed
CVE-2023-31821
was published
Jul 13, 2023
Cleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSOR with
Partnumbers 1100214...
High
Unreviewed
CVE-2023-31408
was published
Jul 6, 2023
HashiCorp Boundary Workers Store Rotated Credentials in Plaintext Even When Key Management Service Configured
High
CVE-2023-0690
was published
for
github.com/hashicorp/boundary
(Go)
Jul 6, 2023
An access control issue in Makves DCAP v3.0.0.122 allows unauthenticated attackers to obtain...
High
Unreviewed
CVE-2023-27243
was published
Jun 21, 2023
Atlas Copco Power Focus 6000 web server does not sanitize the login information stored by the...
High
Unreviewed
CVE-2023-1897
was published
Jun 12, 2023
The Danfoss AK-EM100 stores login credentials in cleartext.
High
Unreviewed
CVE-2023-22584
was published
Jun 11, 2023
Bitwarden Desktop v1.20.0 and above stores the biometric key in plaintext which allows a local...
High
Unreviewed
CVE-2023-27706
was published
Jun 9, 2023
Plaintext storage of a password exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3....
High
Unreviewed
CVE-2023-28713
was published
Jun 1, 2023
Data written to GitHub Actions Cache may expose secrets
High
CVE-2023-30853
was published
for
gradle/gradle-build-action
(GitHub Actions)
May 1, 2023
Plaintext Password in Registry
vulnerability in 42gears surelock windows surelockwinsetupv2.40...
High
Unreviewed
CVE-2023-2335
was published
Apr 27, 2023
Ribose RNP before 0.16.3 sometimes lets secret keys remain unlocked after use.
High
Unreviewed
CVE-2023-29480
was published
Apr 24, 2023
EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 logs unredacted passwords in...
High
Unreviewed
CVE-2023-31043
was published
Apr 23, 2023
Strapi leaking sensitive user information by filtering on private fields
High
CVE-2023-22894
was published
for
@strapi/strapi
(npm)
Apr 19, 2023
ProTip!
Advisories are also available from the
GraphQL API