Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

161 advisories

Loading
In Marvell QConvergeConsole GUI <= 5.5.0.74, credentials are stored in cleartext in tomcat-users... High Unreviewed
CVE-2020-5805 was published May 24, 2022
In Hardware Sentry KM before 10.0.01 for BMC PATROL, a cleartext password may be discovered after... High Unreviewed
CVE-2021-31791 was published May 24, 2022
The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain cleartext... High Unreviewed
CVE-2022-42955 was published Nov 7, 2022
An issue was discovered on FiberHome HG6245D devices through RP2613. Some passwords are stored in... High Unreviewed
CVE-2021-27178 was published May 24, 2022
An issue was discovered on FiberHome HG6245D devices through RP2613. wifictl_5g.cfg has cleartext... High Unreviewed
CVE-2021-27176 was published May 24, 2022
In multiple managed switches by WAGO in different versions the webserver cookies of the web based... High Unreviewed
CVE-2021-20995 was published May 24, 2022
An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Incorrect... High Unreviewed
CVE-2021-25644 was published May 24, 2022
The DLink Router DIR-895L MFC v1.21b05 is vulnerable to credentials disclosure in telnet service... High Unreviewed
CVE-2020-29324 was published May 24, 2022
Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key... High Unreviewed
CVE-2021-29950 was published May 24, 2022
An issue was discovered in Xuperchain 3.6.0 that allows for attackers to recover any arbitrary... High Unreviewed
CVE-2020-22741 was published May 24, 2022
The MagicMotion Flamingo 2 application for Android stores data on an sdcard under com.vt... High Unreviewed
CVE-2020-12731 was published May 24, 2022
The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before... High Unreviewed
CVE-2021-33323 was published May 24, 2022
In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS. High Unreviewed
CVE-2021-37548 was published May 24, 2022
An information disclosure vulnerability exists in the EPA protocol of Dut Computer Control... High Unreviewed
CVE-2020-18759 was published May 24, 2022
In Octopus Server after version 2018.8.2 if the Octopus Server Web Request Proxy is configured... High Unreviewed
CVE-2021-31820 was published May 24, 2022
Incorrect Access Control in Autumn v1.0.4 and earlier allows remote attackers to obtain clear... High Unreviewed
CVE-2020-19137 was published May 24, 2022
Exposure of senstive information to an unauthorised actor in the "com.onepeloton.erlich" mobile... High Unreviewed
CVE-2021-40527 was published May 24, 2022
Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive Information in Cleartext. The... High Unreviewed
CVE-2021-42763 was published May 24, 2022
Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive information in cleartext,... High Unreviewed
CVE-2021-38422 was published May 24, 2022
metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote... High Unreviewed
CVE-2021-37842 was published May 24, 2022
A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because... High Unreviewed
CVE-2021-42370 was published May 24, 2022
An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021-08-14. $HOME/OGP/Cfg/Config... High Unreviewed
CVE-2021-37157 was published May 24, 2022
An issue was discovered in URVE Build 24.03.2020. The password of an integration user account ... High Unreviewed
CVE-2020-29550 was published May 24, 2022
Jenkins Delphix Plugin vulnerable to Cleartext credential storage High
CVE-2019-10453 was published for org.jenkins-ci.plugins:delphix (Maven) May 24, 2022
IXPdata EasyInstall 6.6.14725 contains an access control issue. High Unreviewed
CVE-2022-35120 was published Dec 2, 2022
ProTip! Advisories are also available from the GraphQL API