Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

507 advisories

Loading
The physical IoT device of the AliveCor's KardiaMobile, a smartphone-based personal... High Unreviewed
CVE-2022-41627 was published Jul 6, 2023
there is a possible use of unencrypted transport over cellular networks due to an insecure... High Unreviewed
CVE-2023-21220 was published Jun 28, 2023
there is a possible use of unencrypted transport over cellular networks due to an insecure... High Unreviewed
CVE-2023-21219 was published Jun 28, 2023
A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to... High Unreviewed
CVE-2023-31410 was published Jun 19, 2023
SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File... High Unreviewed
CVE-2023-23841 was published Jun 16, 2023
ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 uses sensitive cookies without... Moderate Unreviewed
CVE-2023-31195 was published Jun 13, 2023
A cleartext transmission of sensitive information vulnerability [CWE-319] in Fortinet FortiOS... Moderate Unreviewed
CVE-2022-41327 was published Jun 13, 2023
Atlas Copco Power Focus 6000 web server is not a secure connection by default, which could allow... High Unreviewed
CVE-2023-1899 was published Jun 12, 2023
IBM Maximo Application Suite - Manage Component 8.8.0 and 8.9.0 transmits sensitive information... Moderate Unreviewed
CVE-2023-27861 was published Jun 5, 2023
Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan... Critical Unreviewed
CVE-2023-33730 was published May 31, 2023
An issue was discovered in Faronics Insight 10.0.19045 on Windows. A suitably positioned attacker... High Unreviewed
CVE-2023-28348 was published May 31, 2023
html inputs of type password recorded in plaintext when converted to text inputs Moderate
CVE-2023-33187 was published for highlight.run (npm) May 26, 2023
Snap One OvrC Pro versions prior to 7.3 use HTTP connections when downloading a... High Unreviewed
CVE-2023-31193 was published May 22, 2023
A CWE-319: Cleartext transmission of sensitive information vulnerability exists that could cause... Critical Unreviewed
CVE-2022-46680 was published May 22, 2023
Cleartext Transmission of Sensitive Information vulnerability in ABB Terra AC wallbox (UL40/80A),... Moderate Unreviewed
CVE-2023-0864 was published May 17, 2023
In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory... High Unreviewed
CVE-2023-32784 was published May 15, 2023
Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 does not defend against physical... Critical Unreviewed
CVE-2023-30354 was published May 10, 2023
Cleartext transmission of sensitive information exists in SkyBridge MB-A100/110 firmware Ver. 4.2... Moderate Unreviewed
CVE-2023-25070 was published May 10, 2023
Cleartext Transmission in set-cookie:ecos_pw: Tenda N301 v6.0, Firmware v12.02.01.61_multi allows... Moderate Unreviewed
CVE-2023-29680 was published May 2, 2023
Cleartext Transmission in cookie:ecos_pw: in Tenda N301 v6.0, firmware v12.03.01.06_pt allows an... Moderate Unreviewed
CVE-2023-29681 was published May 2, 2023
An issue was discovered in vTech VCS754 version 1.1.1.A before 1.1.1.H, allows attackers to gain... High Unreviewed
CVE-2023-25437 was published Apr 27, 2023
Ironic and ironic-inspector may expose as ConfigMaps Moderate
CVE-2023-30841 was published for github.com/metal3-io/baremetal-operator (Go) Apr 26, 2023
An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0... Moderate Unreviewed
CVE-2019-14942 was published Apr 16, 2023
Jenkins Azure Key Vault Plugin does not properly mask credentials Moderate
CVE-2023-30514 was published for org.jenkins-ci.plugins:azure-keyvault (Maven) Apr 12, 2023
Jenkins Kubernetes Plugin does not properly mask credentials Moderate
CVE-2023-30513 was published for org.csanchez.jenkins.plugins:kubernetes (Maven) Apr 12, 2023
ProTip! Advisories are also available from the GraphQL API