Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
666
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+

189 advisories

Loading
The affected Reolink P2P products do not sufficiently protect data transferred between the local... High Unreviewed
CVE-2020-25169 was published May 24, 2022
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain... High Unreviewed
CVE-2021-20409 was published May 24, 2022
In the management interface on TP-Link Archer C5v 1.7_181221 devices, credentials are sent in a... High Unreviewed
CVE-2021-27209 was published May 24, 2022
A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic... High Unreviewed
CVE-2021-22702 was published May 24, 2022
A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic... High Unreviewed
CVE-2021-22703 was published May 24, 2022
Advantech Spectre RT ERT351 Versions 5.1.3 and prior logins and passwords are transmitted in... High Unreviewed
CVE-2019-18231 was published May 24, 2022
Cleartext transmission of sensitive information in Netop Vision Pro up to and including 9.7.1... High Unreviewed
CVE-2021-27194 was published May 24, 2022
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected... High Unreviewed
CVE-2021-27251 was published May 24, 2022
In Fibaro Home Center 2 and Lite devices in all versions provide a web based management interface... High Unreviewed
CVE-2021-20992 was published May 24, 2022
Cleartext transmission of sensitive information via Moxa Service in NPort IA5000A series serial... High Unreviewed
CVE-2020-27185 was published May 24, 2022
Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x before... High Unreviewed
CVE-2021-23018 was published May 24, 2022
The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with... High Unreviewed
CVE-2021-32612 was published May 24, 2022
An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext... High Unreviewed
CVE-2020-36423 was published May 24, 2022
A Cleartext Transmission of Sensitive Information vulnerability in B. Braun SpaceCom2 prior to... High Unreviewed
CVE-2021-33883 was published May 24, 2022
The update process of the Circle Parental Control Service on various NETGEAR routers allows... High Unreviewed
CVE-2021-40847 was published May 24, 2022
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking... High Unreviewed
CVE-2021-22946 was published May 24, 2022
Authorization bypass through user-controlled key vulnerability in MELSEC iQ-R series Safety CPU... High Unreviewed
CVE-2021-20599 was published May 24, 2022
The Juniper Networks CTPView server is not enforcing HTTP Strict Transport Security (HSTS). HSTS... High Unreviewed
CVE-2021-0296 was published May 24, 2022
A vulnerability has been identified in Climatix POL909 (AWM module) (All versions < V11.34). The... High Unreviewed
CVE-2021-40366 was published May 24, 2022
Jenkins Aqua Security Scanner Plugin showed plain text password in configuration form High
CVE-2019-10428 was published for org.jenkins-ci.plugins:aqua-security-scanner (Maven) May 24, 2022
LaraCMS v1.0.1 transmits sensitive information in cleartext which can be intercepted by attackers. High Unreviewed
CVE-2020-20128 was published May 24, 2022
A cleartext transmission of sensitive information vulnerability exists in the OAS Engine... High Unreviewed
CVE-2022-26077 was published May 26, 2022
Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are... High Unreviewed
CVE-2021-32966 was published May 26, 2022
Code injection in concrete CMS High
CVE-2022-21829 was published for concrete5/core (Composer) Jun 25, 2022
Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller... High Unreviewed
CVE-2022-29519 was published Jun 29, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database