GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,099
Composer 4,077
Erlang 29
GitHub Actions 19
Go 1,903
Maven 5,100
npm 3,632
NuGet 638
pip 3,249
Pub 10
RubyGems 864
Rust 818
Swift 35

Unreviewed advisories

All unreviewed 228,475

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

285 advisories

Filter by severity

Sort by

Least recently updated

IBM Security Verify Governance 10.0 stores user credentials in plain clear text which can be read... Moderate Unreviewed

CVE-2022-22470 was published Jan 9, 2023

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which... Moderate Unreviewed

CVE-2021-39009 was published Sep 2, 2022

Dell GeoDrive, Versions 2.1 - 2.2, contains an information disclosure vulnerability. An... Moderate Unreviewed

CVE-2022-33918 was published Oct 13, 2022

IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain... Moderate Unreviewed

CVE-2022-22484 was published May 18, 2022

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores sensitive information in... Moderate Unreviewed

CVE-2019-4314 was published May 24, 2022

iBall Baton iB-WRB302N20122017 devices have improper access control over the UART interface,... Moderate Unreviewed

CVE-2018-20008 was published May 24, 2022

In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Upon a crash, it... Moderate Unreviewed

CVE-2019-15947 was published May 24, 2022

IBM Security Verify Governance, Identity Manager 10.0.1 stores sensitive information including... Moderate Unreviewed

CVE-2022-22457 was published Dec 23, 2022

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cookie for ejabberd replication. Moderate Unreviewed

CVE-2020-15325 was published Sep 30, 2022

Certain General Electric Renewable Energy products store cleartext credentials in flash memory.... Moderate Unreviewed

CVE-2022-24120 was published Dec 26, 2022

Moxa ioLogik 2542-HSPA Series Controllers and IOs, and IOxpress Configuration Utility ioLogik... Moderate Unreviewed

CVE-2019-18238 was published May 24, 2022

If a user saved passwords before Thunderbird 60 and then later set a master password, an... Moderate Unreviewed

CVE-2020-6794 was published May 24, 2022

A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could... Moderate Unreviewed

CVE-2021-35036 was published Mar 2, 2022

In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarization Service credentials were... Moderate Unreviewed

CVE-2020-11694 was published May 24, 2022

In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding,... Moderate Unreviewed

CVE-2020-11821 was published May 24, 2022

A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN 6.2.2 and... Moderate Unreviewed

CVE-2019-17655 was published May 24, 2022

An issue was discovered in the stashcat app through 3.9.2 for macOS, Windows, Android, iOS, and... Moderate Unreviewed

CVE-2020-13637 was published May 24, 2022

Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems store... Moderate Unreviewed

CVE-2020-12032 was published May 24, 2022

An issue was discovered in the view_statistics (aka View frontend statistics) extension before 2... Moderate Unreviewed

CVE-2020-28917 was published May 24, 2022

The implementation of Brave Desktop's privacy-preserving analytics system (P3A) between 1.1 and 1... Moderate Unreviewed

CVE-2020-8276 was published May 24, 2022

Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT-1837836 firmware 20180921... Moderate Unreviewed

CVE-2020-27557 was published May 24, 2022

Ceph-ansible 4.0.34.1 creates /etc/ceph/iscsi-gateway.conf with insecure default permissions,... Moderate Unreviewed

CVE-2020-25677 was published May 24, 2022

Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage... Moderate Unreviewed

CVE-2020-29502 was published May 24, 2022

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contains a plain-text... Moderate Unreviewed

CVE-2020-29489 was published May 24, 2022

GigaVUE-OS (GVOS) 5.4 - 5.9 stores a Redis database password in plaintext. Moderate Unreviewed

CVE-2020-23249 was published May 24, 2022

Previous 1 2 3 4 5 … 11 12 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

285 advisories