GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
666
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
170 advisories
Filter by severity
Communication traffic involving "Ethernet Q Commands" service of Haas Controller version 100.20...
High
Unreviewed
CVE-2022-41636
was published
Oct 28, 2022
The Simple Single Sign On WordPress plugin through 4.1.0 leaks its OAuth client_secret, which...
High
Unreviewed
CVE-2022-2083
was published
Sep 6, 2022
Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may...
High
Unreviewed
CVE-2022-2485
was published
Sep 1, 2022
AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials...
High
Unreviewed
CVE-2022-2005
was published
Sep 1, 2022
In FiberHome VDSL2 Modem HG150-Ub_V3.0, Credentials of Admin are submitted in URL, which can be...
High
Unreviewed
CVE-2022-36200
was published
Aug 29, 2022
A flaw was found in Foreman project. A credential leak was identified which will expose Azure...
High
Unreviewed
CVE-2021-3590
was published
Aug 23, 2022
SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 430, 430, allows an...
High
Unreviewed
CVE-2022-32245
was published
Aug 11, 2022
Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They...
High
Unreviewed
CVE-2022-31204
was published
Jul 27, 2022
Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller...
High
Unreviewed
CVE-2022-29519
was published
Jun 29, 2022
Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are...
High
Unreviewed
CVE-2021-32966
was published
May 26, 2022
A cleartext transmission of sensitive information vulnerability exists in the OAS Engine...
High
Unreviewed
CVE-2022-26077
was published
May 26, 2022
LaraCMS v1.0.1 transmits sensitive information in cleartext which can be intercepted by attackers.
High
Unreviewed
CVE-2020-20128
was published
May 24, 2022
A vulnerability has been identified in Climatix POL909 (AWM module) (All versions < V11.34). The...
High
Unreviewed
CVE-2021-40366
was published
May 24, 2022
The Juniper Networks CTPView server is not enforcing HTTP Strict Transport Security (HSTS). HSTS...
High
Unreviewed
CVE-2021-0296
was published
May 24, 2022
Authorization bypass through user-controlled key vulnerability in MELSEC iQ-R series Safety CPU...
High
Unreviewed
CVE-2021-20599
was published
May 24, 2022
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking...
High
Unreviewed
CVE-2021-22946
was published
May 24, 2022
The update process of the Circle Parental Control Service on various NETGEAR routers allows...
High
Unreviewed
CVE-2021-40847
was published
May 24, 2022
A Cleartext Transmission of Sensitive Information vulnerability in B. Braun SpaceCom2 prior to...
High
Unreviewed
CVE-2021-33883
was published
May 24, 2022
An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext...
High
Unreviewed
CVE-2020-36423
was published
May 24, 2022
The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with...
High
Unreviewed
CVE-2021-32612
was published
May 24, 2022
Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x before...
High
Unreviewed
CVE-2021-23018
was published
May 24, 2022
Cleartext transmission of sensitive information via Moxa Service in NPort IA5000A series serial...
High
Unreviewed
CVE-2020-27185
was published
May 24, 2022
In Fibaro Home Center 2 and Lite devices in all versions provide a web based management interface...
High
Unreviewed
CVE-2021-20992
was published
May 24, 2022
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected...
High
Unreviewed
CVE-2021-27251
was published
May 24, 2022
Cleartext transmission of sensitive information in Netop Vision Pro up to and including 9.7.1...
High
Unreviewed
CVE-2021-27194
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API