Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

300 advisories

Loading
User passwords are stored in clear text in the Django session Moderate
CVE-2020-15105 was published for django-two-factor-auth (pip) Jul 10, 2020
nickcatal liewegas
benweissmann
Cleartext storage of session identifier Moderate
CVE-2021-21339 was published for typo3/cms (Composer) Mar 23, 2021
ohader
Unencrypted storage of client side sessions Moderate
CVE-2021-29481 was published for io.ratpack:ratpack-session (Maven) Jul 1, 2021
JLLeitschuh
An issue was discovered in Solar-Log 500 before 2.8.2 Build 52 23.04.2013. In /export.html, email... Moderate Unreviewed
CVE-2021-34544 was published Dec 8, 2021
Instance config inline secret exposure in Grafana Moderate
CVE-2021-41090 was published for github.com/grafana/agent (Go) Dec 8, 2021
SAP Business One - version 10.0, allows an admin user to view DB password in plain text over the... Moderate Unreviewed
CVE-2021-42066 was published Dec 15, 2021
A cleartext storage of sensitive information vulnerability in the Zyxel NBG6604 firmware could... Moderate Unreviewed
CVE-2021-35035 was published Dec 30, 2021
Netgear RAX43 version 1.0.3.96 stores sensitive information in plaintext. All usernames and... Moderate Unreviewed
CVE-2021-20171 was published Dec 31, 2021
Trendnet AC2600 TEW-827DRU version 2.08B01 stores credentials in plaintext. Usernames and... Moderate Unreviewed
CVE-2021-20162 was published Dec 31, 2021
A vulnerability in the information storage architecture of several Cisco IP Phone models could... Moderate Unreviewed
CVE-2022-20660 was published Jan 15, 2022
When the Windows Tentacle docker image starts up it logs all the commands that it runs along with... Moderate Unreviewed
CVE-2021-31821 was published Jan 20, 2022
Plaintext Storage of a Password vulnerability in Mitsubishi Electric MC Works64 versions 4.04E ... Moderate Unreviewed
CVE-2022-23129 was published Jan 22, 2022
Jenkins Support Core Plugin stores sensitive data in plain text Moderate
CVE-2022-25187 was published for org.jenkins-ci.plugins:support-core (Maven) Feb 16, 2022
westonsteimel
NVIDIA License System contains a vulnerability in the installation scripts for the DLS virtual... Moderate Unreviewed
CVE-2022-21818 was published Feb 16, 2022
Due to usernames/passwords being stored in plaintext in Random Access Memory (RAM), a local,... Moderate Unreviewed
CVE-2020-14480 was published Feb 25, 2022
A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could... Moderate Unreviewed
CVE-2021-35036 was published Mar 2, 2022
Dell EMC Enterprise Storage Analytics for vRealize Operations, versions 4.0.1 to 6.2.1, contain a... Moderate Unreviewed
CVE-2021-43590 was published Mar 5, 2022
Veritas System Recovery (VSR) 18 and 21 stores a network destination password in the Windows... Moderate Unreviewed
CVE-2022-26778 was published Mar 11, 2022
SnapCenter versions prior to 4.5 are susceptible to a vulnerability which could allow a local... Moderate Unreviewed
CVE-2022-23234 was published Mar 17, 2022
3CX System through 2022-03-17 stores cleartext passwords in a database. Moderate Unreviewed
CVE-2021-45491 was published Mar 29, 2022
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F... Moderate Unreviewed
CVE-2022-25160 was published Apr 3, 2022
AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to... Moderate Unreviewed
CVE-2022-0835 was published Apr 12, 2022
IBM Security Guardium 10.5 stores user credentials in plain clear text which can be read by a... Moderate Unreviewed
CVE-2021-39078 was published Apr 20, 2022
qtnx 0.9 stores non-custom SSH keys in a world-readable configuration file. If a user has a world... Moderate Unreviewed
CVE-2011-2916 was published Apr 22, 2022
The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1,... Moderate Unreviewed
CVE-2004-2397 was published Apr 29, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database