GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
541 advisories
Credentials transmitted in plain text by OpenShift Deployer Plugin
Low | CVE-2020-2155 was published for org.jenkins-ci.plugins:openshift-deployer (Maven) | May 24, 2022

Some device communications in some Motorola-branded Binatone Hubble Cameras with backend Hubble...
Moderate | Unreviewed | CVE-2021-3792 was published | May 24, 2022

IBM QRadar Network Security 5.4.0 and 5.5.0 transmits sensitive or security-critical data in...
Moderate | Unreviewed | CVE-2020-4152 was published | May 24, 2022

LaraCMS v1.0.1 transmits sensitive information in cleartext which can be intercepted by attackers.
High | Unreviewed | CVE-2020-20128 was published | May 24, 2022

The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to view...
Moderate | Unreviewed | CVE-2020-35456 was published | May 24, 2022

The affected product is vulnerable to cookie information being transmitted as cleartext over HTTP...
Moderate | Unreviewed | CVE-2021-42699 was published | May 24, 2022

BIOTRONIK CardioMessenger II, The affected products transmit credentials in clear-text prior to...
Low | Unreviewed | CVE-2019-18248 was published | May 24, 2022

pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use...
Moderate | Unreviewed | CVE-2005-2069 was published | May 1, 2022

IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized user to obtain sensitive...
Moderate | Unreviewed | CVE-2019-4382 was published | May 24, 2022

PC Keyboard WiFi & Bluetooth allows an attacker (in a man-in-the-middle position between the...
Moderate | Unreviewed | CVE-2022-45480 was published | Dec 2, 2022

Jenkins SourceGear Vault plugin transmits credentials in plain text
High | CVE-2019-10435 was published for org.jenkins-ci.plugins:vault-scm-plugin (Maven) | May 24, 2022

Lazy Mouse allows an attacker (in a man in the middle position between the server and a connected...
Moderate | Unreviewed | CVE-2022-45483 was published | Dec 2, 2022

In FiberHome VDSL2 Modem HG150-Ub_V3.0, Credentials of Admin are submitted in URL, which can be...
High | Unreviewed | CVE-2022-36200 was published | Aug 29, 2022

Communication traffic involving "Ethernet Q Commands" service of Haas Controller version 100.20...
High | Unreviewed | CVE-2022-41636 was published | Oct 28, 2022

A flaw was found in Foreman project. A credential leak was identified which will expose Azure...
High | Unreviewed | CVE-2021-3590 was published | Aug 23, 2022

A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software...
Critical | Unreviewed | CVE-2022-43724 was published | Dec 13, 2022

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version...
Moderate | Unreviewed | CVE-2023-22597 was published | Jan 13, 2023

Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in...
Moderate | Unreviewed | CVE-2022-2338 was published | Aug 18, 2022

SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 430, 430, allows an...
High | Unreviewed | CVE-2022-32245 was published | Aug 11, 2022

In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails...
Moderate | Unreviewed | CVE-2019-10740 was published | May 4, 2022

tiny-csrf has openly visible CSRF tokens
High | CVE-2022-39287 was published for tiny-csrf (npm) | Oct 7, 2022

Exposure of Sensitive Information in Samsung Dialer application prior to SMR Aug-2022 Release 1...
Low | Unreviewed | CVE-2022-33724 was published | Aug 6, 2022

Missing Encryption of Sensitive Data in yarn
High | CVE-2019-5448 was published for yarn (npm) | Jul 31, 2019

In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as...
Moderate | Unreviewed | CVE-2019-10732 was published | May 13, 2022

When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials...
Critical | Unreviewed | CVE-2018-11749 was published | May 13, 2022
ProTip! Advisories are also available from the GraphQL API