Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
663
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+

189 advisories

Loading
Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential... High Unreviewed
CVE-2017-0925 was published May 13, 2022
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root... High Unreviewed
CVE-2017-5259 was published May 13, 2022
The affected ThroughTek P2P products (SDKs using versions before 3.1.5, any versions with nossl... High Unreviewed
CVE-2021-32934 was published May 20, 2022
Web Based Quiz System v1.0 transmits user passwords in plaintext during the authentication... High Unreviewed
CVE-2022-44411 was published Nov 25, 2022
IBM BigFix Platform 9.2 and 9.5 transmits sensitive or security-critical data in clear text in a... High Unreviewed
CVE-2018-1600 was published May 13, 2022
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software transmits... High Unreviewed
CVE-2018-8842 was published May 13, 2022
An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. The default management application... High Unreviewed
CVE-2019-7675 was published May 13, 2022
The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes... High Unreviewed
CVE-2021-45100 was published Dec 17, 2021
Exposure of Sensitive Information to an Unauthorized Actor in Apache Kafka High
CVE-2019-12399 was published for org.apache.kafka:kafka (Maven) May 12, 2020
Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to eavesdrop and tamper... High Unreviewed
CVE-2017-9035 was published May 13, 2022
Missing Encryption of Sensitive Data in yarn High
CVE-2019-5448 was published for yarn (npm) Jul 31, 2019
tiny-csrf has openly visible CSRF tokens High
CVE-2022-39287 was published for tiny-csrf (npm) Oct 7, 2022
SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 430, 430, allows an... High Unreviewed
CVE-2022-32245 was published Aug 11, 2022
A flaw was found in Foreman project. A credential leak was identified which will expose Azure... High Unreviewed
CVE-2021-3590 was published Aug 23, 2022
Communication traffic involving "Ethernet Q Commands" service of Haas Controller version 100.20... High Unreviewed
CVE-2022-41636 was published Oct 28, 2022
In FiberHome VDSL2 Modem HG150-Ub_V3.0, Credentials of Admin are submitted in URL, which can be... High Unreviewed
CVE-2022-36200 was published Aug 29, 2022
Jenkins SourceGear Vault plugin transmits credentials in plain text High
CVE-2019-10435 was published for org.jenkins-ci.plugins:vault-scm-plugin (Maven) May 24, 2022
LaraCMS v1.0.1 transmits sensitive information in cleartext which can be intercepted by attackers. High Unreviewed
CVE-2020-20128 was published May 24, 2022
The Juniper Networks CTPView server is not enforcing HTTP Strict Transport Security (HSTS). HSTS... High Unreviewed
CVE-2021-0296 was published May 24, 2022
The update process of the Circle Parental Control Service on various NETGEAR routers allows... High Unreviewed
CVE-2021-40847 was published May 24, 2022
A Cleartext Transmission of Sensitive Information vulnerability in B. Braun SpaceCom2 prior to... High Unreviewed
CVE-2021-33883 was published May 24, 2022
Missing encryption in Apache Directory Studio High
CVE-2021-33900 was published for org.apache.directory.studio:org.apache.directory.studio.parent (Maven) Aug 9, 2021
Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x before... High Unreviewed
CVE-2021-23018 was published May 24, 2022
Advantech Spectre RT ERT351 Versions 5.1.3 and prior logins and passwords are transmitted in... High Unreviewed
CVE-2019-18231 was published May 24, 2022
Cleartext transmission of sensitive information via Moxa Service in NPort IA5000A series serial... High Unreviewed
CVE-2020-27185 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database