GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,916
Composer 4,270
Erlang 31
GitHub Actions 21
Go 2,046
Maven 5,231
npm 3,737
NuGet 663
pip 3,415
Pub 12
RubyGems 891
Rust 868
Swift 36

Unreviewed advisories

All unreviewed 238,347

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

541 advisories

Filter by severity

Sort by

Least recently updated

Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 does not defend against physical... Critical Unreviewed

CVE-2023-30354 was published May 10, 2023

Cleartext transmission of sensitive information exists in SkyBridge MB-A100/110 firmware Ver. 4.2... Moderate Unreviewed

CVE-2023-25070 was published May 10, 2023

Cleartext Transmission in cookie:ecos_pw: in Tenda N301 v6.0, firmware v12.03.01.06_pt allows an... Moderate Unreviewed

CVE-2023-29681 was published May 2, 2023

Cleartext Transmission in set-cookie:ecos_pw: Tenda N301 v6.0, Firmware v12.02.01.61_multi allows... Moderate Unreviewed

CVE-2023-29680 was published May 2, 2023

An issue was discovered in vTech VCS754 version 1.1.1.A before 1.1.1.H, allows attackers to gain... High Unreviewed

CVE-2023-25437 was published Apr 27, 2023

Ironic and ironic-inspector may expose as ConfigMaps Moderate

CVE-2023-30841 was published for github.com/metal3-io/baremetal-operator (Go) Apr 26, 2023

An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0... Moderate Unreviewed

CVE-2019-14942 was published Apr 16, 2023

Jenkins Kubernetes Plugin does not properly mask credentials Moderate

CVE-2023-30513 was published for org.csanchez.jenkins.plugins:kubernetes (Maven) Apr 12, 2023

Jenkins Azure Key Vault Plugin does not properly mask credentials Moderate

CVE-2023-30514 was published for org.jenkins-ci.plugins:azure-keyvault (Maven) Apr 12, 2023

Jenkins Thycotic DevOps Secrets Vault Plugin does not properly mask credentials Moderate

CVE-2023-30515 was published for io.jenkins.plugins:thycotic-devops-secrets-vault (Maven) Apr 12, 2023

In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials... High Unreviewed

CVE-2023-1802 was published Apr 6, 2023

The Samba AD DC administration tool, when operating against a remote LDAP server, will by default... Moderate Unreviewed

CVE-2023-0922 was published Apr 4, 2023

Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. OpenIDM and Java... High Unreviewed

CVE-2023-1656 was published Mar 29, 2023

An issue has been discovered in GitLab DAST API scanner affecting all versions starting from 1.6... Moderate Unreviewed

CVE-2023-1648 was published Mar 28, 2023

An authenticated malicious user could acquire the simple mail transfer protocol (SMTP) Password... Moderate Unreviewed

CVE-2023-27927 was published Mar 27, 2023

A cleartext transmission vulnerability exists in the Remote Management functionality of Netgear... Moderate Unreviewed

CVE-2022-38458 was published Mar 21, 2023

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that... Moderate Unreviewed

CVE-2023-23915 was published Feb 23, 2023

Information Disclosure in Authentication Component of ScreenCheck BadgeMaker 2.6.2.0 application... High Unreviewed

CVE-2022-45546 was published Feb 15, 2023

LS ELECTRIC XBC-DN32U with operating system version 01.80 transmits sensitive information in... High Unreviewed

CVE-2023-22806 was published Feb 15, 2023

An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows... Moderate Unreviewed

CVE-2023-0001 was published Feb 8, 2023

A cleartext transmission vulnerability exists in the web application functionality of Moxa SDS... High Unreviewed

CVE-2022-40693 was published Feb 7, 2023

Couchbase Server before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2 exposes Sensitive... High Unreviewed

CVE-2023-25016 was published Feb 6, 2023

Connectwise Automate 2022.11 is vulnerable to Cleartext authentication. Authentication is being... Moderate Unreviewed

CVE-2023-23130 was published Feb 1, 2023

Cleartext Transmission of Sensitive Information in Jenkins JIRA Pipeline Steps Plugin Moderate

CVE-2023-24440 was published for org.jenkins-ci.plugins:jira-steps (Maven) Jan 26, 2023

IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when... Moderate Unreviewed

CVE-2023-22863 was published Jan 18, 2023

Previous 1 2 … 5 6 7 8 9 … 21 22 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

541 advisories