GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
275 advisories
Filter by severity
An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows...
Moderate
Unreviewed
CVE-2023-0001
was published
Feb 8, 2023
Connectwise Automate 2022.11 is vulnerable to Cleartext authentication. Authentication is being...
Moderate
Unreviewed
CVE-2023-23130
was published
Feb 1, 2023
Cleartext Transmission of Sensitive Information in Jenkins JIRA Pipeline Steps Plugin
Moderate
CVE-2023-24440
was published
for
org.jenkins-ci.plugins:jira-steps
(Maven)
Jan 26, 2023
IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when...
Moderate
Unreviewed
CVE-2023-22863
was published
Jan 18, 2023
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version...
Moderate
Unreviewed
CVE-2023-22597
was published
Jan 13, 2023
Apache James server allows an attacker with local access to access private user data in transit
Moderate
CVE-2022-45935
was published
for
org.apache.james:james-server
(Maven)
Jan 6, 2023
Pyload contains Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Moderate
CVE-2023-0055
was published
for
pyload-ng
(pip)
Jan 5, 2023
usememos/memos missing Secure cookie attribute
Moderate
CVE-2022-4683
was published
for
github.com/usememos/memos
(Go)
Dec 23, 2022
IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to...
Moderate
Unreviewed
CVE-2020-4497
was published
Dec 15, 2022
The login password of the web administrative dashboard in Arcadyan Wifi routers VRV9506JAC23 is...
Moderate
Unreviewed
CVE-2020-9420
was published
Dec 14, 2022
Jenkins Gitea Plugin vulnerable to Cleartext Transmission of Sensitive Information
Moderate
CVE-2022-46685
was published
for
org.jenkins-ci.plugins:gitea
(Maven)
Dec 12, 2022
OpenHarmony-v3.1.4 and prior versions had an vulnerability. PIN code is transmitted to the peer...
Moderate
Unreviewed
CVE-2022-45877
was published
Dec 8, 2022
In certain Secustation products the administrator account password can be read. This affects V2.5...
Moderate
Unreviewed
CVE-2022-40939
was published
Dec 8, 2022
Telepad allows an attacker (in a man-in-the-middle position between the server and a connected...
Moderate
Unreviewed
CVE-2022-45478
was published
Dec 5, 2022
PC Keyboard WiFi & Bluetooth allows an attacker (in a man-in-the-middle position between the...
Moderate
Unreviewed
CVE-2022-45480
was published
Dec 2, 2022
Lazy Mouse allows an attacker (in a man in the middle position between the server and a connected...
Moderate
Unreviewed
CVE-2022-45483
was published
Dec 2, 2022
The application fails to prevent users from connecting to it over unencrypted connections. An...
Moderate
Unreviewed
CVE-2021-35246
was published
Nov 23, 2022
Concrete CMS vulnerable to Cleartext Transmission of Sensitive Information
Moderate
CVE-2022-43691
was published
for
concrete5/concrete5
(Composer)
Nov 15, 2022
Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to plain-text...
Moderate
Unreviewed
CVE-2021-38828
was published
Nov 14, 2022
"IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information...
Moderate
Unreviewed
CVE-2022-38710
was published
Nov 4, 2022
"IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in...
Moderate
Unreviewed
CVE-2021-39077
was published
Nov 4, 2022
The Passster WordPress plugin before 3.5.5.5.2 stores the password inside a cookie named ...
Moderate
Unreviewed
CVE-2022-3206
was published
Oct 17, 2022
A cleartext transmission of sensitive information exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5...
Moderate
Unreviewed
CVE-2022-32227
was published
Sep 25, 2022
EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain...
Moderate
Unreviewed
CVE-2022-38846
was published
Sep 17, 2022
The Trend Controls IC protocol through 2022-05-06 allows Cleartext Transmission of Sensitive...
Moderate
Unreviewed
CVE-2022-30312
was published
Sep 8, 2022
ProTip!
Advisories are also available from the
GraphQL API