Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,270
Erlang
31
GitHub Actions
21
Go
2,046
Maven
5,000+
npm
3,737
NuGet
663
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+

541 advisories

Loading
A vulnerability has been identified in Siveillance Video Client (All versions). In environments... Moderate Unreviewed
CVE-2020-15785 was published May 24, 2022
An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of... Moderate Unreviewed
CVE-2020-13528 was published May 24, 2022
Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They... High Unreviewed
CVE-2022-31204 was published Jul 27, 2022
** DISPUTED ** A vulnerability was found in whohas. It has been rated as problematic. This issue... High Unreviewed
CVE-2021-4258 was published Dec 19, 2022
Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may... High Unreviewed
CVE-2022-2485 was published Sep 1, 2022
AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials... High Unreviewed
CVE-2022-2005 was published Sep 1, 2022
MagicMotion Flamingo 2 lacks BLE encryption, enabling data sniffing and packet forgery. Moderate Unreviewed
CVE-2020-12730 was published May 24, 2022
AutomationDirect DirectLOGIC is vulnerable to a specifically crafted serial message to the CPU... Critical Unreviewed
CVE-2022-2003 was published Sep 1, 2022
Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller... High Unreviewed
CVE-2022-29519 was published Jun 29, 2022
Code injection in concrete CMS High
CVE-2022-21829 was published for concrete5/core (Composer) Jun 25, 2022
A vulnerability classified as problematic was found in Teleopti WFM up to 7.1.0. Affected by this... Moderate Unreviewed
CVE-2017-20109 was published Jun 30, 2022
Information Disclosure via Export Module Moderate
CVE-2022-31046 was published for typo3/cms (Composer) Jun 17, 2022
linawolf derhansen
LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack... Moderate Unreviewed
CVE-2022-1524 was published Jun 25, 2022
Pyload contains Sensitive Cookie in HTTPS Session Without 'Secure' Attribute Moderate
CVE-2023-0055 was published for pyload-ng (pip) Jan 5, 2023
The Credova_Financial WordPress plugin discloses a site's associated Credova API account username... Moderate Unreviewed
CVE-2021-39342 was published May 24, 2022
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. The transmission... Moderate Unreviewed
CVE-2022-25805 was published Jun 10, 2022
An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 for iOS. If it is installed... Moderate Unreviewed
CVE-2021-42111 was published May 24, 2022
Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to transmit and... Moderate Unreviewed
CVE-2022-29733 was published Jun 3, 2022
This advisory documents the impact of an internally found vulnerability in Arista EOS state... Moderate Unreviewed
CVE-2021-28508 was published May 27, 2022
IBM QRadar SIEM 7.3 and 7.4 uses less secure methods for protecting data in transit between hosts... Moderate Unreviewed
CVE-2020-4980 was published May 24, 2022
This advisory documents the impact of an internally found vulnerability in Arista EOS state... Moderate Unreviewed
CVE-2021-28509 was published May 27, 2022
A cleartext transmission of sensitive information vulnerability exists in the OAS Engine... High Unreviewed
CVE-2022-26077 was published May 26, 2022
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A man in the middle can... Moderate Unreviewed
CVE-2021-34687 was published May 24, 2022
Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are... High Unreviewed
CVE-2021-32966 was published May 26, 2022
Insertion of Sensitive Information into Log File in Jenkins Mask Passwords Plugin Moderate
CVE-2019-10370 was published for org.jenkins-ci.plugins:mask-passwords (Maven) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database