GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,916
Composer 4,270
Erlang 31
GitHub Actions 21
Go 2,046
Maven 5,231
npm 3,737
NuGet 663
pip 3,415
Pub 12
RubyGems 891
Rust 868
Swift 36

Unreviewed advisories

All unreviewed 238,347

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

275 advisories

Filter by severity

Sort by

Least recently updated

An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows... Moderate Unreviewed

CVE-2023-0001 was published Feb 8, 2023

Connectwise Automate 2022.11 is vulnerable to Cleartext authentication. Authentication is being... Moderate Unreviewed

CVE-2023-23130 was published Feb 1, 2023

Cleartext Transmission of Sensitive Information in Jenkins JIRA Pipeline Steps Plugin Moderate

CVE-2023-24440 was published for org.jenkins-ci.plugins:jira-steps (Maven) Jan 26, 2023

IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when... Moderate Unreviewed

CVE-2023-22863 was published Jan 18, 2023

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version... Moderate Unreviewed

CVE-2023-22597 was published Jan 13, 2023

Apache James server allows an attacker with local access to access private user data in transit Moderate

CVE-2022-45935 was published for org.apache.james:james-server (Maven) Jan 6, 2023

Pyload contains Sensitive Cookie in HTTPS Session Without 'Secure' Attribute Moderate

CVE-2023-0055 was published for pyload-ng (pip) Jan 5, 2023

usememos/memos missing Secure cookie attribute Moderate

CVE-2022-4683 was published for github.com/usememos/memos (Go) Dec 23, 2022

IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to... Moderate Unreviewed

CVE-2020-4497 was published Dec 15, 2022

The login password of the web administrative dashboard in Arcadyan Wifi routers VRV9506JAC23 is... Moderate Unreviewed

CVE-2020-9420 was published Dec 14, 2022

Jenkins Gitea Plugin vulnerable to Cleartext Transmission of Sensitive Information Moderate

CVE-2022-46685 was published for org.jenkins-ci.plugins:gitea (Maven) Dec 12, 2022

OpenHarmony-v3.1.4 and prior versions had an vulnerability. PIN code is transmitted to the peer... Moderate Unreviewed

CVE-2022-45877 was published Dec 8, 2022

In certain Secustation products the administrator account password can be read. This affects V2.5... Moderate Unreviewed

CVE-2022-40939 was published Dec 8, 2022

Telepad allows an attacker (in a man-in-the-middle position between the server and a connected... Moderate Unreviewed

CVE-2022-45478 was published Dec 5, 2022

PC Keyboard WiFi & Bluetooth allows an attacker (in a man-in-the-middle position between the... Moderate Unreviewed

CVE-2022-45480 was published Dec 2, 2022

Lazy Mouse allows an attacker (in a man in the middle position between the server and a connected... Moderate Unreviewed

CVE-2022-45483 was published Dec 2, 2022

The application fails to prevent users from connecting to it over unencrypted connections. An... Moderate Unreviewed

CVE-2021-35246 was published Nov 23, 2022

Concrete CMS vulnerable to Cleartext Transmission of Sensitive Information Moderate

CVE-2022-43691 was published for concrete5/concrete5 (Composer) Nov 15, 2022

Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to plain-text... Moderate Unreviewed

CVE-2021-38828 was published Nov 14, 2022

"IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information... Moderate Unreviewed

CVE-2022-38710 was published Nov 4, 2022

"IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in... Moderate Unreviewed

CVE-2021-39077 was published Nov 4, 2022

The Passster WordPress plugin before 3.5.5.5.2 stores the password inside a cookie named ... Moderate Unreviewed

CVE-2022-3206 was published Oct 17, 2022

A cleartext transmission of sensitive information exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5... Moderate Unreviewed

CVE-2022-32227 was published Sep 25, 2022

EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain... Moderate Unreviewed

CVE-2022-38846 was published Sep 17, 2022

The Trend Controls IC protocol through 2022-05-06 allows Cleartext Transmission of Sensitive... Moderate Unreviewed

CVE-2022-30312 was published Sep 8, 2022

Previous 1 2 3 4 5 6 … 10 11 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

275 advisories