GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
189 advisories
Filter by severity
phpMyFAQ has insecure HTTP cookies
High
CVE-2022-4409
was published
for
thorsten/phpmyfaq
(Composer)
Dec 11, 2022
Web Based Quiz System v1.0 transmits user passwords in plaintext during the authentication...
High
Unreviewed
CVE-2022-44411
was published
Nov 25, 2022
UPSMON PRO transmits sensitive data in cleartext over HTTP protocol. An unauthenticated remote...
High
Unreviewed
CVE-2022-38122
was published
Nov 10, 2022
Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25...
High
Unreviewed
CVE-2021-45447
was published
Nov 2, 2022
In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using...
High
Unreviewed
CVE-2022-42916
was published
Oct 29, 2022
Communication traffic involving "Ethernet Q Commands" service of Haas Controller version 100.20...
High
Unreviewed
CVE-2022-41636
was published
Oct 28, 2022
tiny-csrf has openly visible CSRF tokens
High
CVE-2022-39287
was published
for
tiny-csrf
(npm)
Oct 7, 2022
The Simple Single Sign On WordPress plugin through 4.1.0 leaks its OAuth client_secret, which...
High
Unreviewed
CVE-2022-2083
was published
Sep 6, 2022
AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials...
High
Unreviewed
CVE-2022-2005
was published
Sep 1, 2022
Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may...
High
Unreviewed
CVE-2022-2485
was published
Sep 1, 2022
In FiberHome VDSL2 Modem HG150-Ub_V3.0, Credentials of Admin are submitted in URL, which can be...
High
Unreviewed
CVE-2022-36200
was published
Aug 29, 2022
A flaw was found in Foreman project. A credential leak was identified which will expose Azure...
High
Unreviewed
CVE-2021-3590
was published
Aug 23, 2022
SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 430, 430, allows an...
High
Unreviewed
CVE-2022-32245
was published
Aug 11, 2022
Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They...
High
Unreviewed
CVE-2022-31204
was published
Jul 27, 2022
Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller...
High
Unreviewed
CVE-2022-29519
was published
Jun 29, 2022
Code injection in concrete CMS
High
CVE-2022-21829
was published
for
concrete5/core
(Composer)
Jun 25, 2022
Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are...
High
Unreviewed
CVE-2021-32966
was published
May 26, 2022
A cleartext transmission of sensitive information vulnerability exists in the OAS Engine...
High
Unreviewed
CVE-2022-26077
was published
May 26, 2022
LaraCMS v1.0.1 transmits sensitive information in cleartext which can be intercepted by attackers.
High
Unreviewed
CVE-2020-20128
was published
May 24, 2022
Jenkins Aqua Security Scanner Plugin showed plain text password in configuration form
High
CVE-2019-10428
was published
for
org.jenkins-ci.plugins:aqua-security-scanner
(Maven)
May 24, 2022
A vulnerability has been identified in Climatix POL909 (AWM module) (All versions < V11.34). The...
High
Unreviewed
CVE-2021-40366
was published
May 24, 2022
The Juniper Networks CTPView server is not enforcing HTTP Strict Transport Security (HSTS). HSTS...
High
Unreviewed
CVE-2021-0296
was published
May 24, 2022
Authorization bypass through user-controlled key vulnerability in MELSEC iQ-R series Safety CPU...
High
Unreviewed
CVE-2021-20599
was published
May 24, 2022
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking...
High
Unreviewed
CVE-2021-22946
was published
May 24, 2022
The update process of the Circle Parental Control Service on various NETGEAR routers allows...
High
Unreviewed
CVE-2021-40847
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API