GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
285 advisories
IBM Security Verify Governance 10.0 stores user credentials in plain clear text which can be read...
Moderate | Unreviewed | CVE-2022-22470 was published Jan 9, 2023
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which...
Moderate | Unreviewed | CVE-2021-39009 was published Sep 2, 2022
Dell GeoDrive, Versions 2.1 - 2.2, contains an information disclosure vulnerability. An...
Moderate | Unreviewed | CVE-2022-33918 was published Oct 13, 2022
IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain...
Moderate | Unreviewed | CVE-2022-22484 was published May 18, 2022
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores sensitive information in...
Moderate | Unreviewed | CVE-2019-4314 was published May 24, 2022
iBall Baton iB-WRB302N20122017 devices have improper access control over the UART interface,...
Moderate | Unreviewed | CVE-2018-20008 was published May 24, 2022
In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Upon a crash, it...
Moderate | Unreviewed | CVE-2019-15947 was published May 24, 2022
IBM Security Verify Governance, Identity Manager 10.0.1 stores sensitive information including...
Moderate | Unreviewed | CVE-2022-22457 was published Dec 23, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cookie for ejabberd replication.
Moderate | Unreviewed | CVE-2020-15325 was published Sep 30, 2022
Certain General Electric Renewable Energy products store cleartext credentials in flash memory....
Moderate | Unreviewed | CVE-2022-24120 was published Dec 26, 2022
Moxa ioLogik 2542-HSPA Series Controllers and IOs, and IOxpress Configuration Utility ioLogik...
Moderate | Unreviewed | CVE-2019-18238 was published May 24, 2022
If a user saved passwords before Thunderbird 60 and then later set a master password, an...
Moderate | Unreviewed | CVE-2020-6794 was published May 24, 2022
A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could...
Moderate | Unreviewed | CVE-2021-35036 was published Mar 2, 2022
In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarization Service credentials were...
Moderate | Unreviewed | CVE-2020-11694 was published May 24, 2022
In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding,...
Moderate | Unreviewed | CVE-2020-11821 was published May 24, 2022
A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN 6.2.2 and...
Moderate | Unreviewed | CVE-2019-17655 was published May 24, 2022
An issue was discovered in the stashcat app through 3.9.2 for macOS, Windows, Android, iOS, and...
Moderate | Unreviewed | CVE-2020-13637 was published May 24, 2022
Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems store...
Moderate | Unreviewed | CVE-2020-12032 was published May 24, 2022
An issue was discovered in the view_statistics (aka View frontend statistics) extension before 2...
Moderate | Unreviewed | CVE-2020-28917 was published May 24, 2022
The implementation of Brave Desktop's privacy-preserving analytics system (P3A) between 1.1 and 1...
Moderate | Unreviewed | CVE-2020-8276 was published May 24, 2022
Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT-1837836 firmware 20180921...
Moderate | Unreviewed | CVE-2020-27557 was published May 24, 2022
Ceph-ansible 4.0.34.1 creates /etc/ceph/iscsi-gateway.conf with insecure default permissions,...
Moderate | Unreviewed | CVE-2020-25677 was published May 24, 2022
Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage...
Moderate | Unreviewed | CVE-2020-29502 was published May 24, 2022
Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contains a plain-text...
Moderate | Unreviewed | CVE-2020-29489 was published May 24, 2022
GigaVUE-OS (GVOS) 5.4 - 5.9 stores a Redis database password in plaintext.
Moderate | Unreviewed | CVE-2020-23249 was published May 24, 2022