Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
666
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+

541 advisories

Loading
Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic... Critical Unreviewed
CVE-2022-33321 was published Nov 9, 2022
"IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information... Moderate Unreviewed
CVE-2022-38710 was published Nov 4, 2022
"IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in... Moderate Unreviewed
CVE-2021-39077 was published Nov 4, 2022
Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25... High Unreviewed
CVE-2021-45447 was published Nov 2, 2022
In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using... High Unreviewed
CVE-2022-42916 was published Oct 29, 2022
Communication traffic involving "Ethernet Q Commands" service of Haas Controller version 100.20... High Unreviewed
CVE-2022-41636 was published Oct 28, 2022
Free5gc v3.2.1 is vulnerable to Information disclosure. Low Unreviewed
CVE-2022-38870 was published Oct 25, 2022
On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7,... Low Unreviewed
CVE-2022-41983 was published Oct 20, 2022
The Passster WordPress plugin before 3.5.5.5.2 stores the password inside a cookie named ... Moderate Unreviewed
CVE-2022-3206 was published Oct 17, 2022
tiny-csrf has openly visible CSRF tokens High
CVE-2022-39287 was published for tiny-csrf (npm) Oct 7, 2022
A cleartext transmission of sensitive information exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5... Moderate Unreviewed
CVE-2022-32227 was published Sep 25, 2022
EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain... Moderate Unreviewed
CVE-2022-38846 was published Sep 17, 2022
HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session... Low Unreviewed
CVE-2021-42948 was published Sep 17, 2022
The Trend Controls IC protocol through 2022-05-06 allows Cleartext Transmission of Sensitive... Moderate Unreviewed
CVE-2022-30312 was published Sep 8, 2022
The Simple Single Sign On WordPress plugin through 4.1.0 leaks its OAuth client_secret, which... High Unreviewed
CVE-2022-2083 was published Sep 6, 2022
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0... Critical Unreviewed
CVE-2022-34371 was published Sep 3, 2022
AutomationDirect DirectLOGIC is vulnerable to a specifically crafted serial message to the CPU... Critical Unreviewed
CVE-2022-2003 was published Sep 1, 2022
Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may... High Unreviewed
CVE-2022-2485 was published Sep 1, 2022
AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials... High Unreviewed
CVE-2022-2005 was published Sep 1, 2022
Cleartext Transmission of Sensitive Information in moment-timezone Moderate
GHSA-v78c-4p63-2j6c was published for moment-timezone (npm) Aug 30, 2022
scovetta
In FiberHome VDSL2 Modem HG150-Ub_V3.0, Credentials of Admin are submitted in URL, which can be... High Unreviewed
CVE-2022-36200 was published Aug 29, 2022
A flaw was found in Foreman project. A credential leak was identified which will expose Azure... High Unreviewed
CVE-2021-3590 was published Aug 23, 2022
Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in... Moderate Unreviewed
CVE-2022-2338 was published Aug 18, 2022
In Core Utilities, there is a possible log information disclosure. This could lead to local... Moderate Unreviewed
CVE-2022-20243 was published Aug 12, 2022
SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 430, 430, allows an... High Unreviewed
CVE-2022-32245 was published Aug 11, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database