Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

20 advisories

Loading
No-IP Dynamic Update Client (DUC) v3.x uses cleartext credentials that may occur on a command... Critical Unreviewed
CVE-2024-40457 was published Sep 12, 2024
The health endpoint is public so everybody can see a list of all services. It is potentially... Critical Unreviewed
CVE-2024-9798 was published Oct 10, 2024
Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp... Critical Unreviewed
CVE-2024-8644 was published Sep 27, 2024
Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM ... Critical Unreviewed
CVE-2023-41095 was published Oct 26, 2023
The decrypted configuration file contains the password in cleartext which is used to configure... Critical Unreviewed
CVE-2024-36497 was published Jun 24, 2024
An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as... Critical Unreviewed
CVE-2023-31069 was published Sep 11, 2023
Connected IO v2.1.0 and prior keeps passwords and credentials in clear-text format, allowing... Critical Unreviewed
CVE-2023-33373 was published Aug 4, 2023
TronLink Wallet 2.2.0 stores user wallet keystore in plaintext and places them in insecure... Critical Unreviewed
CVE-2019-13096 was published May 24, 2022
Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 version, the exploitation... Critical Unreviewed
CVE-2023-2809 was published Oct 4, 2023
Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could... Critical Unreviewed
CVE-2022-3089 was published Feb 13, 2023
Sensitive Information Stored in Clear Text in Moxa ThingsPro IIoT Gateway and Device Management... Critical Unreviewed
CVE-2018-18394 was published May 13, 2022
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before... Critical Unreviewed
CVE-2018-18641 was published May 13, 2022
In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, the OAuth token used by the... Critical Unreviewed
CVE-2017-5250 was published May 13, 2022
In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android app, the OAuth token used... Critical Unreviewed
CVE-2017-5249 was published May 13, 2022
The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010)... Critical Unreviewed
CVE-2019-0285 was published May 13, 2022
A vulnerability has been identified in QMS Automotive (All versions). User credentials are stored... Critical Unreviewed
CVE-2022-43958 was published Nov 8, 2022
Proxy functionality built into Hubs Cloud’s Reticulum software allowed access to internal URLs,... Critical Unreviewed
CVE-2021-29954 was published May 24, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions. Critical Unreviewed
CVE-2020-15332 was published Sep 30, 2022
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F... Critical Unreviewed
CVE-2022-25158 was published Apr 3, 2022
An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix... Critical Unreviewed
CVE-2022-26148 was published Mar 22, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database