Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,270
Erlang
31
GitHub Actions
21
Go
2,046
Maven
5,000+
npm
3,737
NuGet
663
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+

541 advisories

Loading
A vulnerability has been identified in SIMATIC Ident MV420 family (All versions), SIMATIC Ident... Moderate Unreviewed
CVE-2019-10926 was published May 24, 2022
Passwords transmitted in plain text by Jenkins Stash Branch Parameter Plugin Low
CVE-2020-2210 was published for org.jenkins-ci.plugins:StashBranchParameter (Maven) May 24, 2022
NotMyFault
In Enigmail below 2.1, an attacker in possession of PGP encrypted emails can wrap them as sub... Moderate Unreviewed
CVE-2019-14664 was published May 24, 2022
An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana (e.g., MySQL... Moderate Unreviewed
CVE-2019-15635 was published May 24, 2022
A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580,... High Unreviewed
CVE-2019-6845 was published May 24, 2022
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build... Moderate Unreviewed
CVE-2019-16674 was published May 24, 2022
A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580,... Moderate Unreviewed
CVE-2019-6846 was published May 24, 2022
On EX4600, QFX5100 Series, NFX Series, QFX10K Series, QFX5110, QFX5200 Series, QFX5110, QFX5200,... Low Unreviewed
CVE-2019-0069 was published May 24, 2022
GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP... High Unreviewed
CVE-2021-27422 was published Mar 24, 2022
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build... Moderate Unreviewed
CVE-2019-16672 was published May 24, 2022
A vulnerability has been identified in SPPA-T3000 Application Server (All versions). The RMI... Moderate Unreviewed
CVE-2019-18285 was published May 24, 2022
An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices. Admin... Moderate Unreviewed
CVE-2019-19890 was published May 24, 2022
An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices. The... Moderate Unreviewed
CVE-2019-19889 was published May 24, 2022
Some analytics data was sent using HTTP rather than HTTPS. This was addressed by no longer... Moderate Unreviewed
CVE-2019-8632 was published May 24, 2022
A vulnerability has been identified in Climatix POL909 (AWM module) (All versions < V11.34). The... High Unreviewed
CVE-2021-40366 was published May 24, 2022
Cleartext transmission of sensitive information vulnerability in authentication management in... Moderate Unreviewed
CVE-2022-27619 was published Aug 4, 2022
IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to... Moderate Unreviewed
CVE-2020-4497 was published Dec 15, 2022
The Global TV application 2.3.2 for Android and 4.7.5 for iOS sends Unencrypted Analytics. Moderate Unreviewed
CVE-2020-8506 was published May 24, 2022
The Citytv Video application 4.08.0 for Android and 3.35 for iOS sends Unencrypted Analytics. Moderate Unreviewed
CVE-2020-8507 was published May 24, 2022
Credentials transmitted in plain text by Jenkins DeployHub Plugin Low
CVE-2020-2156 was published for com.openmake:deployhub (Maven) May 24, 2022
NotMyFault
Credentials transmitted in plain text by Skytap Cloud CI Plugin Low
CVE-2020-2157 was published for org.jenkins-ci.plugins:skytap (Maven) May 24, 2022
NotMyFault
A key length vulnerability in the implementation of the SRTP 128-bit key on Mitel 6800 and 6900... Moderate Unreviewed
CVE-2019-18863 was published May 24, 2022
NETSAS Enigma NMS 65.0.0 and prior utilises basic authentication over HTTP for enforcing access... Moderate Unreviewed
CVE-2019-16067 was published May 24, 2022
**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause certain data to be visible on... Moderate Unreviewed
CVE-2020-7483 was published May 24, 2022
In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP... Moderate Unreviewed
CVE-2020-5867 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database