GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
541 advisories
A cleartext transmission of sensitive information vulnerability exists in Schneider Electric's...
Critical
Unreviewed
CVE-2018-7246
was published
May 13, 2022
The FSX / P3Dv4 installer 2.0.1.231 for Flight Sim Labs A320-X sends a user's Google account...
Critical
Unreviewed
CVE-2018-7259
was published
May 13, 2022
Unencrypted transmission of images in Tinder iOS app and Tinder Android app allows an attacker to...
Critical
Unreviewed
CVE-2018-6017
was published
May 13, 2022
Samsung Display Solutions App before 3.02 for Android allows man-in-the-middle attackers to spoof...
Moderate
Unreviewed
CVE-2018-6019
was published
May 13, 2022
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10...
High
Unreviewed
CVE-2018-4227
was published
May 13, 2022
There is a SRTP icon display vulnerability in Huawei eSpace product. An unauthenticated, remote...
High
Unreviewed
CVE-2018-7960
was published
May 13, 2022
In /usr/local/etc/config/addons/mh/loopupd.sh on eQ-3 AG HomeMatic CCU2 2.29.22 devices, software...
High
Unreviewed
CVE-2018-7298
was published
May 13, 2022
In Core Utilities, there is a possible log information disclosure. This could lead to local...
Moderate
Unreviewed
CVE-2022-20243
was published
Aug 12, 2022
IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 displays sensitive information in HTTP requests...
Moderate
Unreviewed
CVE-2019-4280
was published
May 24, 2022
Telepad allows an attacker (in a man-in-the-middle position between the server and a connected...
Moderate
Unreviewed
CVE-2022-45478
was published
Dec 5, 2022
Potentially compromised builds
High
CVE-2019-10249
was published for org.eclipse.xtend:org.eclipse.xtend.core (Maven)
May 24, 2022
Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25...
High
Unreviewed
CVE-2021-45447
was published
Nov 2, 2022
Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such...
Moderate
Unreviewed
CVE-2021-39272
was published
May 24, 2022
An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext...
High
Unreviewed
CVE-2020-36423
was published
May 24, 2022
The affected products contain vulnerable firmware, which could allow an attacker to sniff the...
High
Unreviewed
CVE-2021-4161
was published
Dec 28, 2021
Trendnet AC2600 TEW-827DRU version 2.08B01 contains a security flaw in the web interface. HTTPS...
High
Unreviewed
CVE-2021-20154
was published
Dec 31, 2021
Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the...
High
Unreviewed
CVE-2021-20174
was published
Dec 31, 2021
Netgear RAX43 version 1.0.3.96 does not utilize secure communications to the web interface. By...
High
Unreviewed
CVE-2021-20169
was published
Dec 31, 2021
Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the...
High
Unreviewed
CVE-2021-20175
was published
Dec 31, 2021
Fresenius Kabi Agilia Link + version 3.0 does not enforce transport layer encryption. Therefore,...
High
Unreviewed
CVE-2021-41835
was published
Jan 22, 2022
Cleartext Transmission of Sensitive Information in /northstar/Admin/login.jsp in Northstar...
High
Unreviewed
CVE-2021-29397
was published
Feb 9, 2022
The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 Rel.62500n wireless router...
Critical
Unreviewed
CVE-2022-0162
was published
Feb 11, 2022
The affected product is vulnerable due to cleartext transmission of credentials seen in the...
Critical
Unreviewed
CVE-2022-21798
was published
Feb 26, 2022
An issue was discovered in Rhinode Trading Paints through 2.0.36. TP Updater.exe uses cleartext...
High
Unreviewed
CVE-2021-40846
was published
Mar 5, 2022
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 is missing the HTTP Strict...
High
Unreviewed
CVE-2019-4162
was published
May 24, 2022