GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
161 advisories
Filter by severity
Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext.
High
Unreviewed
CVE-2022-48071
was published
Jan 27, 2023
Plaintext storage of sensitive data in Rancher API and cluster.management.cattle.io objects
High
CVE-2022-43757
was published
for
github.com/rancher/rancher
(Go)
Jan 25, 2023
Jenkins NeoLoad Plugin stores credentials in cleartext
High
CVE-2019-10440
was published
for
org.jenkins-ci.plugins:neoload-jenkins-plugin
(Maven)
May 24, 2022
Jenkins iceScrum Plugin stores credentials in Cleartext
High
CVE-2019-10443
was published
for
org.jenkins-ci.plugins:icescrum
(Maven)
May 24, 2022
Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs ...
High
Unreviewed
CVE-2022-34388
was published
Feb 11, 2023
A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that results in...
High
Unreviewed
CVE-2019-15023
was published
May 24, 2022
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a remote attacker to obtain sensitive...
High
Unreviewed
CVE-2022-41734
was published
Feb 17, 2023
IBM QRadar SIEM 7.4 and 7.5 is vulnerable to information exposure allowing a non-tenant user with...
High
Unreviewed
CVE-2022-34351
was published
Feb 17, 2023
Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an information disclosure vulnerability...
High
Unreviewed
CVE-2023-26760
was published
Feb 27, 2023
IBM Security Verify Information Queue 1.0.6 and 1.0.7 discloses sensitive information in source...
High
Unreviewed
CVE-2021-20407
was published
May 24, 2022
A vulnerability was found in Xunrui CMS 4.61 and classified as problematic. Affected by this...
High
Unreviewed
CVE-2023-1683
was published
Mar 29, 2023
Backup file without encryption vulnerability is found in Hitachi ABB Power Grids System Data...
High
Unreviewed
CVE-2021-35526
was published
May 24, 2022
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 all...
High
Unreviewed
CVE-2022-25164
was published
Nov 25, 2022
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3...
High
Unreviewed
CVE-2022-29826
was published
Nov 25, 2022
HashiCorp Boundary Workers Store Rotated Credentials in Plaintext Even When Key Management Service Configured
High
CVE-2023-0690
was published
for
github.com/hashicorp/boundary
(Go)
Jul 6, 2023
Plaintext Storage of Sensitive Information in Laravel Log Viewer before v0.13.0
High
CVE-2018-8947
was published
for
rap2hpoutre/laravel-log-viewer
(Composer)
May 13, 2022
Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext.
High
Unreviewed
CVE-2022-48073
was published
Jan 27, 2023
LibreOffice supports the storage of passwords for web connections in the user’s configuration...
High
Unreviewed
CVE-2022-26307
was published
Jul 26, 2022
Apache OpenOffice supports the storage of passwords for web connections in the user's...
High
Unreviewed
CVE-2022-37401
was published
Aug 16, 2022
The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190...
High
Unreviewed
CVE-2022-2739
was published
Sep 2, 2022
Cleartext Storage of Sensitive Information in Jenkins Extensive Testing Plugin
High
CVE-2019-10448
was published
for
jenkins.xtc:extensivetesting
(Maven)
May 24, 2022
Weave GitOps Terraform Controller Information Disclosure Vulnerability
High
CVE-2023-34236
was published
for
github.com/weaveworks/tf-controller
(Go)
Jul 14, 2023
Data written to GitHub Actions Cache may expose secrets
High
CVE-2023-30853
was published
for
gradle/gradle-build-action
(GitHub Actions)
May 1, 2023
Strapi leaking sensitive user information by filtering on private fields
High
CVE-2023-22894
was published
for
@strapi/strapi
(npm)
Apr 19, 2023
Nautobot vulnerable to exposure of hashed user passwords via REST API
High
CVE-2023-46128
was published
for
nautobot
(pip)
Oct 24, 2023
ProTip!
Advisories are also available from the
GraphQL API