GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
541 advisories
Filter by severity
Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 does not defend against physical...
Critical
Unreviewed
CVE-2023-30354
was published
May 10, 2023
Cleartext transmission of sensitive information exists in SkyBridge MB-A100/110 firmware Ver. 4.2...
Moderate
Unreviewed
CVE-2023-25070
was published
May 10, 2023
Cleartext Transmission in set-cookie:ecos_pw: Tenda N301 v6.0, Firmware v12.02.01.61_multi allows...
Moderate
Unreviewed
CVE-2023-29680
was published
May 2, 2023
Cleartext Transmission in cookie:ecos_pw: in Tenda N301 v6.0, firmware v12.03.01.06_pt allows an...
Moderate
Unreviewed
CVE-2023-29681
was published
May 2, 2023
An issue was discovered in vTech VCS754 version 1.1.1.A before 1.1.1.H, allows attackers to gain...
High
Unreviewed
CVE-2023-25437
was published
Apr 27, 2023
Ironic and ironic-inspector may expose as ConfigMaps
Moderate
CVE-2023-30841
was published
for
github.com/metal3-io/baremetal-operator
(Go)
Apr 26, 2023
An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0...
Moderate
Unreviewed
CVE-2019-14942
was published
Apr 16, 2023
Jenkins Kubernetes Plugin does not properly mask credentials
Moderate
CVE-2023-30513
was published
for
org.csanchez.jenkins.plugins:kubernetes
(Maven)
Apr 12, 2023
Jenkins Thycotic DevOps Secrets Vault Plugin does not properly mask credentials
Moderate
CVE-2023-30515
was published
for
io.jenkins.plugins:thycotic-devops-secrets-vault
(Maven)
Apr 12, 2023
Jenkins Azure Key Vault Plugin does not properly mask credentials
Moderate
CVE-2023-30514
was published
for
org.jenkins-ci.plugins:azure-keyvault
(Maven)
Apr 12, 2023
In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials...
High
Unreviewed
CVE-2023-1802
was published
Apr 6, 2023
The Samba AD DC administration tool, when operating against a remote LDAP server, will by default...
Moderate
Unreviewed
CVE-2023-0922
was published
Apr 4, 2023
Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. OpenIDM and Java...
High
Unreviewed
CVE-2023-1656
was published
Mar 29, 2023
An issue has been discovered in GitLab DAST API scanner affecting all versions starting from 1.6...
Moderate
Unreviewed
CVE-2023-1648
was published
Mar 28, 2023
An authenticated malicious user could acquire the simple mail transfer protocol (SMTP) Password...
Moderate
Unreviewed
CVE-2023-27927
was published
Mar 27, 2023
A cleartext transmission vulnerability exists in the Remote Management functionality of Netgear...
Moderate
Unreviewed
CVE-2022-38458
was published
Mar 21, 2023
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that...
Moderate
Unreviewed
CVE-2023-23915
was published
Feb 23, 2023
Information Disclosure in Authentication Component of ScreenCheck BadgeMaker 2.6.2.0 application...
High
Unreviewed
CVE-2022-45546
was published
Feb 15, 2023
LS ELECTRIC XBC-DN32U with operating system version 01.80 transmits sensitive information in...
High
Unreviewed
CVE-2023-22806
was published
Feb 15, 2023
An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows...
Moderate
Unreviewed
CVE-2023-0001
was published
Feb 8, 2023
A cleartext transmission vulnerability exists in the web application functionality of Moxa SDS...
High
Unreviewed
CVE-2022-40693
was published
Feb 7, 2023
Couchbase Server before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2 exposes Sensitive...
High
Unreviewed
CVE-2023-25016
was published
Feb 6, 2023
Connectwise Automate 2022.11 is vulnerable to Cleartext authentication. Authentication is being...
Moderate
Unreviewed
CVE-2023-23130
was published
Feb 1, 2023
Cleartext Transmission of Sensitive Information in Jenkins JIRA Pipeline Steps Plugin
Moderate
CVE-2023-24440
was published
for
org.jenkins-ci.plugins:jira-steps
(Maven)
Jan 26, 2023
IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when...
Moderate
Unreviewed
CVE-2023-22863
was published
Jan 18, 2023
ProTip!
Advisories are also available from the
GraphQL API