Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

161 advisories

Loading
Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext. High Unreviewed
CVE-2022-48071 was published Jan 27, 2023
Plaintext storage of sensitive data in Rancher API and cluster.management.cattle.io objects High
CVE-2022-43757 was published for github.com/rancher/rancher (Go) Jan 25, 2023
Jenkins NeoLoad Plugin stores credentials in cleartext High
CVE-2019-10440 was published for org.jenkins-ci.plugins:neoload-jenkins-plugin (Maven) May 24, 2022
Jenkins iceScrum Plugin stores credentials in Cleartext High
CVE-2019-10443 was published for org.jenkins-ci.plugins:icescrum (Maven) May 24, 2022
Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs ... High Unreviewed
CVE-2022-34388 was published Feb 11, 2023
A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that results in... High Unreviewed
CVE-2019-15023 was published May 24, 2022
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a remote attacker to obtain sensitive... High Unreviewed
CVE-2022-41734 was published Feb 17, 2023
IBM QRadar SIEM 7.4 and 7.5 is vulnerable to information exposure allowing a non-tenant user with... High Unreviewed
CVE-2022-34351 was published Feb 17, 2023
Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an information disclosure vulnerability... High Unreviewed
CVE-2023-26760 was published Feb 27, 2023
IBM Security Verify Information Queue 1.0.6 and 1.0.7 discloses sensitive information in source... High Unreviewed
CVE-2021-20407 was published May 24, 2022
A vulnerability was found in Xunrui CMS 4.61 and classified as problematic. Affected by this... High Unreviewed
CVE-2023-1683 was published Mar 29, 2023
Backup file without encryption vulnerability is found in Hitachi ABB Power Grids System Data... High Unreviewed
CVE-2021-35526 was published May 24, 2022
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 all... High Unreviewed
CVE-2022-25164 was published Nov 25, 2022
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3... High Unreviewed
CVE-2022-29826 was published Nov 25, 2022
HashiCorp Boundary Workers Store Rotated Credentials in Plaintext Even When Key Management Service Configured High
CVE-2023-0690 was published for github.com/hashicorp/boundary (Go) Jul 6, 2023
Plaintext Storage of Sensitive Information in Laravel Log Viewer before v0.13.0 High
CVE-2018-8947 was published for rap2hpoutre/laravel-log-viewer (Composer) May 13, 2022
Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext. High Unreviewed
CVE-2022-48073 was published Jan 27, 2023
LibreOffice supports the storage of passwords for web connections in the user’s configuration... High Unreviewed
CVE-2022-26307 was published Jul 26, 2022
Apache OpenOffice supports the storage of passwords for web connections in the user's... High Unreviewed
CVE-2022-37401 was published Aug 16, 2022
The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190... High Unreviewed
CVE-2022-2739 was published Sep 2, 2022
Cleartext Storage of Sensitive Information in Jenkins Extensive Testing Plugin High
CVE-2019-10448 was published for jenkins.xtc:extensivetesting (Maven) May 24, 2022
Weave GitOps Terraform Controller Information Disclosure Vulnerability High
CVE-2023-34236 was published for github.com/weaveworks/tf-controller (Go) Jul 14, 2023
greenu
Data written to GitHub Actions Cache may expose secrets High
CVE-2023-30853 was published for gradle/gradle-build-action (GitHub Actions) May 1, 2023
bigdaz
Strapi leaking sensitive user information by filtering on private fields High
CVE-2023-22894 was published for @strapi/strapi (npm) Apr 19, 2023
derrickmehaffy Ccamm
Convly Marc-Roig
Nautobot vulnerable to exposure of hashed user passwords via REST API High
CVE-2023-46128 was published for nautobot (pip) Oct 24, 2023
ProTip! Advisories are also available from the GraphQL API