GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
666
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
170 advisories
Filter by severity
SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac...
High
Unreviewed
CVE-2023-0053
was published
Jul 6, 2023
The physical IoT device of the AliveCor's KardiaMobile, a smartphone-based personal...
High
Unreviewed
CVE-2022-41627
was published
Jul 6, 2023
there is a possible use of unencrypted transport over cellular networks due to an insecure...
High
Unreviewed
CVE-2023-21219
was published
Jun 28, 2023
there is a possible use of unencrypted transport over cellular networks due to an insecure...
High
Unreviewed
CVE-2023-21220
was published
Jun 28, 2023
A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to...
High
Unreviewed
CVE-2023-31410
was published
Jun 19, 2023
SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File...
High
Unreviewed
CVE-2023-23841
was published
Jun 16, 2023
Atlas Copco Power Focus 6000 web server is not a secure connection by default, which could allow...
High
Unreviewed
CVE-2023-1899
was published
Jun 12, 2023
An issue was discovered in Faronics Insight 10.0.19045 on Windows. A suitably positioned attacker...
High
Unreviewed
CVE-2023-28348
was published
May 31, 2023
Snap One OvrC Pro versions prior to 7.3 use HTTP connections when downloading a...
High
Unreviewed
CVE-2023-31193
was published
May 22, 2023
In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory...
High
Unreviewed
CVE-2023-32784
was published
May 15, 2023
An issue was discovered in vTech VCS754 version 1.1.1.A before 1.1.1.H, allows attackers to gain...
High
Unreviewed
CVE-2023-25437
was published
Apr 27, 2023
In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials...
High
Unreviewed
CVE-2023-1802
was published
Apr 6, 2023
Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. OpenIDM and Java...
High
Unreviewed
CVE-2023-1656
was published
Mar 29, 2023
Information Disclosure in Authentication Component of ScreenCheck BadgeMaker 2.6.2.0 application...
High
Unreviewed
CVE-2022-45546
was published
Feb 15, 2023
LS ELECTRIC XBC-DN32U with operating system version 01.80 transmits sensitive information in...
High
Unreviewed
CVE-2023-22806
was published
Feb 15, 2023
A cleartext transmission vulnerability exists in the web application functionality of Moxa SDS...
High
Unreviewed
CVE-2022-40693
was published
Feb 7, 2023
Couchbase Server before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2 exposes Sensitive...
High
Unreviewed
CVE-2023-25016
was published
Feb 6, 2023
A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep...
High
Unreviewed
CVE-2022-43551
was published
Dec 23, 2022
When clicking on a tel: link, USSD codes, specified after a <code>\*</code> character, would be...
High
Unreviewed
CVE-2022-22758
was published
Dec 22, 2022
In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol...
High
Unreviewed
CVE-2022-47895
was published
Dec 22, 2022
** DISPUTED ** A vulnerability was found in whohas. It has been rated as problematic. This issue...
High
Unreviewed
CVE-2021-4258
was published
Dec 19, 2022
Web Based Quiz System v1.0 transmits user passwords in plaintext during the authentication...
High
Unreviewed
CVE-2022-44411
was published
Nov 25, 2022
UPSMON PRO transmits sensitive data in cleartext over HTTP protocol. An unauthenticated remote...
High
Unreviewed
CVE-2022-38122
was published
Nov 10, 2022
Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25...
High
Unreviewed
CVE-2021-45447
was published
Nov 2, 2022
In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using...
High
Unreviewed
CVE-2022-42916
was published
Oct 29, 2022
ProTip!
Advisories are also available from the
GraphQL API