Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

526 advisories

Loading
A cleartext transmission vulnerability exists in the Remote Management functionality of Netgear... Moderate Unreviewed
CVE-2022-38458 was published Mar 21, 2023
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that... Moderate Unreviewed
CVE-2023-23915 was published Feb 23, 2023
Information Disclosure in Authentication Component of ScreenCheck BadgeMaker 2.6.2.0 application... High Unreviewed
CVE-2022-45546 was published Feb 15, 2023
LS ELECTRIC XBC-DN32U with operating system version 01.80 transmits sensitive information in... High Unreviewed
CVE-2023-22806 was published Feb 15, 2023
An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows... Moderate Unreviewed
CVE-2023-0001 was published Feb 8, 2023
A cleartext transmission vulnerability exists in the web application functionality of Moxa SDS... High Unreviewed
CVE-2022-40693 was published Feb 7, 2023
Couchbase Server before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2 exposes Sensitive... High Unreviewed
CVE-2023-25016 was published Feb 6, 2023
Connectwise Automate 2022.11 is vulnerable to Cleartext authentication. Authentication is being... Moderate Unreviewed
CVE-2023-23130 was published Feb 1, 2023
Cleartext Transmission of Sensitive Information in Jenkins JIRA Pipeline Steps Plugin Moderate
CVE-2023-24440 was published for org.jenkins-ci.plugins:jira-steps (Maven) Jan 26, 2023
IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when... Moderate Unreviewed
CVE-2023-22863 was published Jan 18, 2023
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version... Moderate Unreviewed
CVE-2023-22597 was published Jan 13, 2023
Gitops Run insecure communication High
CVE-2022-23509 was published for github.com/weaveworks/weave-gitops (Go) Jan 9, 2023
pjbgf
Apache James server allows an attacker with local access to access private user data in transit Moderate
CVE-2022-45935 was published for org.apache.james:james-server (Maven) Jan 6, 2023
Communication between the client and the server application of the affected products is partially... Critical Unreviewed
CVE-2022-3929 was published Jan 6, 2023
Pyload contains Sensitive Cookie in HTTPS Session Without 'Secure' Attribute Moderate
CVE-2023-0055 was published for pyload-ng (pip) Jan 5, 2023
A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep... High Unreviewed
CVE-2022-43551 was published Dec 23, 2022
usememos/memos missing Secure cookie attribute Moderate
CVE-2022-4683 was published for github.com/usememos/memos (Go) Dec 23, 2022
When clicking on a tel: link, USSD codes, specified after a <code>\*</code> character, would be... High Unreviewed
CVE-2022-22758 was published Dec 22, 2022
In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol... High Unreviewed
CVE-2022-47895 was published Dec 22, 2022
** DISPUTED ** A vulnerability was found in whohas. It has been rated as problematic. This issue... High Unreviewed
CVE-2021-4258 was published Dec 19, 2022
IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to... Moderate Unreviewed
CVE-2020-4497 was published Dec 15, 2022
The login password of the web administrative dashboard in Arcadyan Wifi routers VRV9506JAC23 is... Moderate Unreviewed
CVE-2020-9420 was published Dec 14, 2022
A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software... Critical Unreviewed
CVE-2022-43724 was published Dec 13, 2022
Jenkins Gitea Plugin vulnerable to Cleartext Transmission of Sensitive Information Moderate
CVE-2022-46685 was published for org.jenkins-ci.plugins:gitea (Maven) Dec 12, 2022
phpMyFAQ has insecure HTTP cookies High
CVE-2022-4409 was published for thorsten/phpmyfaq (Composer) Dec 11, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database