GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
238 advisories
The application fails to prevent users from connecting to it over unencrypted connections. An...
Moderate | Unreviewed | CVE-2021-35246 was published Nov 23, 2022
Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to plain-text...
Moderate | Unreviewed | CVE-2021-38828 was published Nov 14, 2022
IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information...
Moderate | Unreviewed | CVE-2022-38710 was published Nov 4, 2022
IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in...
Moderate | Unreviewed | CVE-2021-39077 was published Nov 4, 2022
The Passster WordPress plugin before 3.5.5.5.2 stores the password inside a cookie named ...
Moderate | Unreviewed | CVE-2022-3206 was published Oct 17, 2022
A cleartext transmission of sensitive information exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5...
Moderate | Unreviewed | CVE-2022-32227 was published Sep 25, 2022
EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain...
Moderate | Unreviewed | CVE-2022-38846 was published Sep 17, 2022
The Trend Controls IC protocol through 2022-05-06 allows Cleartext Transmission of Sensitive...
Moderate | Unreviewed | CVE-2022-30312 was published Sep 8, 2022
Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in...
Moderate | Unreviewed | CVE-2022-2338 was published Aug 18, 2022
In Core Utilities, there is a possible log information disclosure. This could lead to local...
Moderate | Unreviewed | CVE-2022-20243 was published Aug 12, 2022
Windows Defender Credential Guard Information Disclosure Vulnerability. This CVE ID is unique...
Moderate | Unreviewed | CVE-2022-34704 was published Aug 10, 2022
Cleartext transmission of sensitive information vulnerability in authentication management in...
Moderate | Unreviewed | CVE-2022-27619 was published Aug 4, 2022
The server in Citilog 8.0 allows an attacker (in a man in the middle position between the server...
Moderate | Unreviewed | CVE-2022-28861 was published Jul 22, 2022
A vulnerability classified as problematic was found in Teleopti WFM up to 7.1.0. Affected by this...
Moderate | Unreviewed | CVE-2017-20109 was published Jun 30, 2022
LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack...
Moderate | Unreviewed | CVE-2022-1524 was published Jun 25, 2022
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. The transmission...
Moderate | Unreviewed | CVE-2022-25805 was published Jun 10, 2022
Using its HSTS support, curl can be instructed to use HTTPS directly instead of using an insecure...
Moderate | Unreviewed | CVE-2022-30115 was published Jun 3, 2022
Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to transmit and...
Moderate | Unreviewed | CVE-2022-29733 was published Jun 3, 2022
This advisory documents the impact of an internally found vulnerability in Arista EOS state...
Moderate | Unreviewed | CVE-2021-28508 was published May 27, 2022
This advisory documents the impact of an internally found vulnerability in Arista EOS state...
Moderate | Unreviewed | CVE-2021-28509 was published May 27, 2022
The affected product is vulnerable to cookie information being transmitted as cleartext over HTTP...
Moderate | Unreviewed | CVE-2021-42699 was published May 24, 2022
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to view...
Moderate | Unreviewed | CVE-2020-35456 was published May 24, 2022
IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized user to obtain sensitive...
Moderate | Unreviewed | CVE-2019-4382 was published May 24, 2022
Some device communications in some Motorola-branded Binatone Hubble Cameras with backend Hubble...
Moderate | Unreviewed | CVE-2021-3792 was published May 24, 2022
An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 for iOS. If it is installed...
Moderate | Unreviewed | CVE-2021-42111 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.