Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
663
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+

541 advisories

Loading
An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0... Moderate Unreviewed
CVE-2020-8355 was published May 24, 2022
GAEN (aka Google/Apple Exposure Notifications) through 2021-04-27 on Android allows attackers to... Low Unreviewed
CVE-2021-31815 was published May 24, 2022
The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with... High Unreviewed
CVE-2021-32612 was published May 24, 2022
Agenzia delle Entrate Desktop Telematico 1.0.0 contacts the jws.agenziaentrate.it server over... Moderate Unreviewed
CVE-2021-3003 was published May 24, 2022
Cleartext transmission of sensitive information via Moxa Service in NPort IA5000A series serial... High Unreviewed
CVE-2020-27185 was published May 24, 2022
An issue was discovered in Couchbase Server 6.x through 6.6.1. The Couchbase Server UI is... Moderate Unreviewed
CVE-2021-27924 was published May 24, 2022
Local File Inclusion vulnerability in Ab Initio Control>Center before 4.0.2.6 allows remote... Moderate Unreviewed
CVE-2021-33408 was published May 24, 2022
An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock application for Android.... Moderate Unreviewed
CVE-2021-44518 was published Dec 3, 2021
Advantech Spectre RT ERT351 Versions 5.1.3 and prior logins and passwords are transmitted in... High Unreviewed
CVE-2019-18231 was published May 24, 2022
When using http protocol, the user password is transmitted as a clear text parameter for which it... Moderate Unreviewed
CVE-2021-23846 was published May 24, 2022
Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x before... High Unreviewed
CVE-2021-23018 was published May 24, 2022
Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of... Moderate Unreviewed
CVE-2021-23896 was published May 24, 2022
Missing encryption in Apache Directory Studio High
CVE-2021-33900 was published for org.apache.directory.studio:org.apache.directory.studio.parent (Maven) Aug 9, 2021
There is a Cleartext Transmission of Sensitive Information Vulnerability in Huawei Smartphone.... Critical Unreviewed
CVE-2021-22380 was published May 24, 2022
Jenkins Quality Gates Plugin transmits credentials in plain text during configuration Low
CVE-2020-2151 was published for org.jenkins-ci.plugins:quality-gates (Maven) May 24, 2022
NotMyFault
Jenkins Sonar Quality Gates Plugin transmits credentials in plain text during configuration Low
CVE-2020-2150 was published for org.jenkins-ci.plugins:sonar-quality-gates (Maven) May 24, 2022
NotMyFault
IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) does not set the... Moderate Unreviewed
CVE-2021-29769 was published May 24, 2022
A Cleartext Transmission of Sensitive Information vulnerability in B. Braun SpaceCom2 prior to... High Unreviewed
CVE-2021-33883 was published May 24, 2022
The update process of the Circle Parental Control Service on various NETGEAR routers allows... High Unreviewed
CVE-2021-40847 was published May 24, 2022
In all versions of GitLab CE/EE, provided a user ID, anonymous users can use a few endpoints to... Moderate Unreviewed
CVE-2021-39882 was published May 24, 2022
The Juniper Networks CTPView server is not enforcing HTTP Strict Transport Security (HSTS). HSTS... High Unreviewed
CVE-2021-0296 was published May 24, 2022
Free5gc v3.2.1 is vulnerable to Information disclosure. Low Unreviewed
CVE-2022-38870 was published Oct 25, 2022
Delta Electronics DIALink versions 1.2.4.0 and prior runs by default on HTTP, which may allow an... Moderate Unreviewed
CVE-2021-38418 was published May 24, 2022
IBM Business Automation Workflow 18. 19, 20, 21, and IBM Business Process Manager 8.5 and d8.6... Moderate Unreviewed
CVE-2021-29753 was published May 24, 2022
Credentials transmitted in plain text by Repository Connector Plugin Low
CVE-2020-2149 was published for org.jenkins-ci.plugins:repository-connector (Maven) May 24, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database