GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,272
Erlang: 31
GitHub Actions: 21
Go: 2,047
Maven: 5,000+
npm: 3,739
NuGet: 666
pip: 3,415
Pub: 12
RubyGems: 891
Rust: 868
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
462 advisories
CVE-2023-0001 (Moderate, Unreviewed, published Feb 8, 2023): An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows...
CVE-2022-40693 (High, Unreviewed, published Feb 7, 2023): A cleartext transmission vulnerability exists in the web application functionality of Moxa SDS...
CVE-2023-25016 (High, Unreviewed, published Feb 6, 2023): Couchbase Server before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2 exposes Sensitive...
CVE-2023-23130 (Moderate, Unreviewed, published Feb 1, 2023): Connectwise Automate 2022.11 is vulnerable to Cleartext authentication. Authentication is being...
CVE-2023-22863 (Moderate, Unreviewed, published Jan 18, 2023): IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when...
CVE-2023-22597 (Moderate, Unreviewed, published Jan 13, 2023): InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version...
CVE-2022-3929 (Critical, Unreviewed, published Jan 6, 2023): Communication between the client and the server application of the affected products is partially...
CVE-2022-43551 (High, Unreviewed, published Dec 23, 2022): A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep...
CVE-2022-22758 (High, Unreviewed, published Dec 22, 2022): When clicking on a tel: link, USSD codes, specified after a * character, would be...
CVE-2022-47895 (High, Unreviewed, published Dec 22, 2022): In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol...
CVE-2021-4258 (High, Unreviewed, published Dec 19, 2022): ** DISPUTED ** A vulnerability was found in whohas. It has been rated as problematic. This issue...
CVE-2020-4497 (Moderate, Unreviewed, published Dec 15, 2022): IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to...
CVE-2020-9420 (Moderate, Unreviewed, published Dec 14, 2022): The login password of the web administrative dashboard in Arcadyan Wifi routers VRV9506JAC23 is...
CVE-2022-43724 (Critical, Unreviewed, published Dec 13, 2022): A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software...
CVE-2022-45877 (Moderate, Unreviewed, published Dec 8, 2022): OpenHarmony-v3.1.4 and prior versions had a vulnerability. PIN code is transmitted to the peer...
CVE-2022-40939 (Moderate, Unreviewed, published Dec 8, 2022): In certain Secustation products the administrator account password can be read. This affects V2.5...
CVE-2022-45478 (Moderate, Unreviewed, published Dec 5, 2022): Telepad allows an attacker (in a man-in-the-middle position between the server and a connected...
CVE-2022-45480 (Moderate, Unreviewed, published Dec 2, 2022): PC Keyboard WiFi & Bluetooth allows an attacker (in a man-in-the-middle position between the...
CVE-2022-45483 (Moderate, Unreviewed, published Dec 2, 2022): Lazy Mouse allows an attacker (in a man in the middle position between the server and a connected...
CVE-2022-44411 (High, Unreviewed, published Nov 25, 2022): Web Based Quiz System v1.0 transmits user passwords in plaintext during the authentication...
CVE-2021-35246 (Moderate, Unreviewed, published Nov 23, 2022): The application fails to prevent users from connecting to it over unencrypted connections. An...
CVE-2021-38828 (Moderate, Unreviewed, published Nov 14, 2022): Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to plain-text...
CVE-2022-38122 (High, Unreviewed, published Nov 10, 2022): UPSMON PRO transmits sensitive data in cleartext over HTTP protocol. An unauthenticated remote...
CVE-2022-33321 (Critical, Unreviewed, published Nov 9, 2022): Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic...
CVE-2022-38710 (Moderate, Unreviewed, published Nov 4, 2022): IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information...