GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
666
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
275 advisories
Filter by severity
An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows...
Moderate
Unreviewed
CVE-2023-0001
was published
Feb 8, 2023
Meross Smart Wi-Fi 2 Way Wall Switch (MSS550X), on its 3.1.3 version and before, creates an open...
Moderate
Unreviewed
CVE-2021-3774
was published
May 24, 2022
KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some situations....
Moderate
Unreviewed
CVE-2021-31855
was published
May 24, 2022
html inputs of type password recorded in plaintext when converted to text inputs
Moderate
CVE-2023-33187
was published
for
highlight.run
(npm)
May 26, 2023
Ironic and ironic-inspector may expose as ConfigMaps
Moderate
CVE-2023-30841
was published
for
github.com/metal3-io/baremetal-operator
(Go)
Apr 26, 2023
Jenkins OpsGenie Plugin vulnerable to Cleartext Transmission of Sensitive Information
Moderate
CVE-2022-34804
was published
for
org.jenkins-ci.plugins:opsgenie
(Maven)
Jul 1, 2022
Passwords transmitted in plain text by Jenkins ReadyAPI Functional Testing Plugin
Moderate
CVE-2020-2251
was published
for
org.jenkins-ci.plugins:soapui-pro-functional-testing
(Maven)
May 24, 2022
"IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in...
Moderate
Unreviewed
CVE-2021-39077
was published
Nov 4, 2022
The Samba AD DC administration tool, when operating against a remote LDAP server, will by default...
Moderate
Unreviewed
CVE-2023-0922
was published
Apr 4, 2023
JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during...
Moderate
Unreviewed
CVE-2019-10101
was published
May 24, 2022
The server in Citilog 8.0 allows an attacker (in a man in the middle position between the server...
Moderate
Unreviewed
CVE-2022-28861
was published
Jul 22, 2022
The Passster WordPress plugin before 3.5.5.5.2 stores the password inside a cookie named ...
Moderate
Unreviewed
CVE-2022-3206
was published
Oct 17, 2022
A cleartext transmission of sensitive information exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5...
Moderate
Unreviewed
CVE-2022-32227
was published
Sep 25, 2022
Kibana Sensitive Data Disclosure
Moderate
CVE-2021-37939
was published
for
kibana
(npm)
May 24, 2022
Apache James server allows an attacker with local access to access private user data in transit
Moderate
CVE-2022-45935
was published
for
org.apache.james:james-server
(Maven)
Jan 6, 2023
OpenHarmony-v3.1.4 and prior versions had an vulnerability. PIN code is transmitted to the peer...
Moderate
Unreviewed
CVE-2022-45877
was published
Dec 8, 2022
The application fails to prevent users from connecting to it over unencrypted connections. An...
Moderate
Unreviewed
CVE-2021-35246
was published
Nov 23, 2022
usememos/memos missing Secure cookie attribute
Moderate
CVE-2022-4683
was published
for
github.com/usememos/memos
(Go)
Dec 23, 2022
Windows Defender Credential Guard Information Disclosure Vulnerability. This CVE ID is unique...
Moderate
Unreviewed
CVE-2022-34704
was published
Aug 10, 2022
Jenkins Thycotic DevOps Secrets Vault Plugin does not properly mask credentials
Moderate
CVE-2023-30515
was published
for
io.jenkins.plugins:thycotic-devops-secrets-vault
(Maven)
Apr 12, 2023
Jenkins Kubernetes Plugin does not properly mask credentials
Moderate
CVE-2023-30513
was published
for
org.csanchez.jenkins.plugins:kubernetes
(Maven)
Apr 12, 2023
Jenkins Azure Key Vault Plugin does not properly mask credentials
Moderate
CVE-2023-30514
was published
for
org.jenkins-ci.plugins:azure-keyvault
(Maven)
Apr 12, 2023
An issue has been discovered in GitLab DAST API scanner affecting all versions starting from 1.6...
Moderate
Unreviewed
CVE-2023-1648
was published
Mar 28, 2023
An authenticated malicious user could acquire the simple mail transfer protocol (SMTP) Password...
Moderate
Unreviewed
CVE-2023-27927
was published
Mar 27, 2023
A cleartext transmission vulnerability exists in the Remote Management functionality of Netgear...
Moderate
Unreviewed
CVE-2022-38458
was published
Mar 21, 2023
ProTip!
Advisories are also available from the
GraphQL API