GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
184 advisories
Filter by severity
Communication traffic involving "Ethernet Q Commands" service of Haas Controller version 100.20...
High
Unreviewed
CVE-2022-41636
was published
Oct 28, 2022
tiny-csrf has openly visible CSRF tokens
High
CVE-2022-39287
was published
for
tiny-csrf
(npm)
Oct 7, 2022
The Simple Single Sign On WordPress plugin through 4.1.0 leaks its OAuth client_secret, which...
High
Unreviewed
CVE-2022-2083
was published
Sep 6, 2022
AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials...
High
Unreviewed
CVE-2022-2005
was published
Sep 1, 2022
Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may...
High
Unreviewed
CVE-2022-2485
was published
Sep 1, 2022
In FiberHome VDSL2 Modem HG150-Ub_V3.0, Credentials of Admin are submitted in URL, which can be...
High
Unreviewed
CVE-2022-36200
was published
Aug 29, 2022
A flaw was found in Foreman project. A credential leak was identified which will expose Azure...
High
Unreviewed
CVE-2021-3590
was published
Aug 23, 2022
SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 430, 430, allows an...
High
Unreviewed
CVE-2022-32245
was published
Aug 11, 2022
Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They...
High
Unreviewed
CVE-2022-31204
was published
Jul 27, 2022
Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller...
High
Unreviewed
CVE-2022-29519
was published
Jun 29, 2022
Code injection in concrete CMS
High
CVE-2022-21829
was published
for
concrete5/core
(Composer)
Jun 25, 2022
Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are...
High
Unreviewed
CVE-2021-32966
was published
May 26, 2022
A cleartext transmission of sensitive information vulnerability exists in the OAS Engine...
High
Unreviewed
CVE-2022-26077
was published
May 26, 2022
LaraCMS v1.0.1 transmits sensitive information in cleartext which can be intercepted by attackers.
High
Unreviewed
CVE-2020-20128
was published
May 24, 2022
Jenkins Aqua Security Scanner Plugin showed plain text password in configuration form
High
CVE-2019-10428
was published
for
org.jenkins-ci.plugins:aqua-security-scanner
(Maven)
May 24, 2022
A vulnerability has been identified in Climatix POL909 (AWM module) (All versions < V11.34). The...
High
Unreviewed
CVE-2021-40366
was published
May 24, 2022
The Juniper Networks CTPView server is not enforcing HTTP Strict Transport Security (HSTS). HSTS...
High
Unreviewed
CVE-2021-0296
was published
May 24, 2022
Authorization bypass through user-controlled key vulnerability in MELSEC iQ-R series Safety CPU...
High
Unreviewed
CVE-2021-20599
was published
May 24, 2022
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking...
High
Unreviewed
CVE-2021-22946
was published
May 24, 2022
The update process of the Circle Parental Control Service on various NETGEAR routers allows...
High
Unreviewed
CVE-2021-40847
was published
May 24, 2022
A Cleartext Transmission of Sensitive Information vulnerability in B. Braun SpaceCom2 prior to...
High
Unreviewed
CVE-2021-33883
was published
May 24, 2022
An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext...
High
Unreviewed
CVE-2020-36423
was published
May 24, 2022
The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with...
High
Unreviewed
CVE-2021-32612
was published
May 24, 2022
Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x before...
High
Unreviewed
CVE-2021-23018
was published
May 24, 2022
Cleartext transmission of sensitive information via Moxa Service in NPort IA5000A series serial...
High
Unreviewed
CVE-2020-27185
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API