GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
509 advisories
Filter by severity
Puwell Cloud Tech Co, Ltd 360Eyes Pro v3.9.5.16(3090516) was discovered to transmit sensitive...
Moderate
Unreviewed
CVE-2024-28275
was published
Apr 3, 2024
[PUNCIA] [CWE-319] Cleartext Transmission of Sensitive Information via HTTP urls in `API_URLS`
Low
CVE-2024-41124
was published
for
puncia
(pip)
Jul 19, 2024
An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary...
High
Unreviewed
CVE-2024-35060
was published
May 21, 2024
NASA AIT-Core vulnerable to remote code execution
Critical
CVE-2024-35059
was published
for
ait-core
(pip)
May 21, 2024
Toshiba printers will display the password of the admin user in clear-text and additional...
Moderate
Unreviewed
CVE-2024-27163
was published
Jun 14, 2024
Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper...
High
Unreviewed
CVE-2024-37393
was published
Jun 10, 2024
Secret file credentials stored unencrypted in rare cases by Plain Credentials Plugin
Moderate
CVE-2024-39459
was published
for
org.jenkins-ci.plugins:plain-credentials
(Maven)
Jun 26, 2024
Plain text credentials and session ID can be captured with a network sniffer.
Moderate
Unreviewed
CVE-2024-37183
was published
Jun 21, 2024
The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session....
High
Unreviewed
CVE-2024-5996
was published
Jun 14, 2024
Microsoft.Data.SqlClient and System.Data.SqlClient vulnerable to SQL Data Provider Security Feature Bypass
High
CVE-2024-0056
was published
for
Microsoft.Data.SqlClient
(NuGet)
Jan 9, 2024
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All...
Critical
Unreviewed
CVE-2024-30209
was published
May 14, 2024
NVIDIA ChatRTX for Windows contains a vulnerability in the ChatRTX UI and backend, where a user...
Moderate
Unreviewed
CVE-2024-0098
was published
May 14, 2024
Cleartext Transmission issue in ROS2 (Robot Operating System 2) Foxy Fitzroy, with ROS_VERSION=2...
Moderate
Unreviewed
CVE-2023-51201
was published
Jan 24, 2024
Authorization bypass through user-controlled key vulnerability in MELSEC iQ-R series Safety CPU...
High
Unreviewed
CVE-2021-20599
was published
May 24, 2022
TYPO3 Information Disclosure Vulnerability
Moderate
CVE-2017-6370
was published
for
typo3/cms
(Composer)
May 13, 2022
In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic received
clear text. This could...
High
Unreviewed
CVE-2024-4161
was published
Apr 25, 2024
Windows Printing Service Spoofing Vulnerability
High
Unreviewed
CVE-2024-21406
was published
Feb 13, 2024
All versions of NetMan 204 could allow an unauthenticated remote attacker to read a file (config...
High
Unreviewed
CVE-2022-47892
was published
Oct 3, 2023
The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP ...
Critical
Unreviewed
CVE-2019-17393
was published
May 24, 2022
Atlassian Bitbucket Server from version 4.9.0 before version 7.2.4 allows remote attackers to...
Moderate
Unreviewed
CVE-2020-14171
was published
May 24, 2022
In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using...
High
Unreviewed
CVE-2022-42916
was published
Oct 29, 2022
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking...
High
Unreviewed
CVE-2021-22946
was published
May 24, 2022
Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure...
Moderate
Unreviewed
CVE-2022-30115
was published
Jun 3, 2022
dectalk-tts Uses Unencrypted HTTP Request
High
CVE-2024-31206
was published
for
dectalk-tts
(npm)
Apr 4, 2024
ProTip!
Advisories are also available from the
GraphQL API