GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
331 advisories
Filter by severity
HCL Commerce's Remote Store server could allow a local attacker to obtain sensitive personal...
Moderate
Unreviewed
CVE-2021-27785
was published
Jul 31, 2022
BigFix Web Reports authorized users may see SMTP credentials in clear text.
Moderate
Unreviewed
CVE-2022-27544
was published
Jul 20, 2022
HCL Launch stores user credentials in plain clear text which can be read by a local user.
Moderate
Unreviewed
CVE-2022-27548
was published
Jul 7, 2022
Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager...
Moderate
Unreviewed
CVE-2022-2221
was published
Jun 28, 2022
IBM Robotic Process Automation 21.0.1 and 21.0.2 could allow a user with psychical access to the...
Moderate
Unreviewed
CVE-2022-33953
was published
Jun 25, 2022
A malicious authenticated SMG administrator user can obtain passwords for external LDAP/Active...
Moderate
Unreviewed
CVE-2021-30651
was published
Jun 25, 2022
The default password for the web application’s root user (the vendor’s private account) was weak...
Moderate
Unreviewed
CVE-2022-1666
was published
Jun 25, 2022
An information disclosure vulnerability exists in the License registration functionality of...
Moderate
Unreviewed
CVE-2022-21184
was published
Jun 18, 2022
A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate...
Moderate
Unreviewed
CVE-2022-1342
was published
Jun 16, 2022
A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6),...
Moderate
Unreviewed
CVE-2022-30231
was published
Jun 15, 2022
An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82...
Moderate
Unreviewed
CVE-2022-27774
was published
Jun 3, 2022
A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak...
Moderate
Unreviewed
CVE-2022-27776
was published
Jun 3, 2022
Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text...
Moderate
Unreviewed
CVE-2022-29085
was published
Jun 3, 2022
The sensitive information of webcam device is not properly protected. Remote attackers can...
Moderate
Unreviewed
CVE-2021-30169
was published
May 24, 2022
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, an information disclosure...
Moderate
Unreviewed
CVE-2020-27258
was published
May 24, 2022
A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is...
Moderate
Unreviewed
CVE-2020-27839
was published
May 24, 2022
Clear text credentials are used to access managers app in Tomcat in Micro Focus Service Manager...
Moderate
Unreviewed
CVE-2019-11663
was published
May 24, 2022
Clear text password in browser in Micro Focus Service Manager product versions 9.30, 9.31, 9.32,...
Moderate
Unreviewed
CVE-2019-11664
was published
May 24, 2022
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user credentials in plain clear...
Moderate
Unreviewed
CVE-2021-38976
was published
May 24, 2022
In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an...
Moderate
Unreviewed
CVE-2021-43332
was published
May 24, 2022
Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM...
Moderate
Unreviewed
CVE-2021-38502
was published
May 24, 2022
A unprotected storage of credentials in Fortinet FortiSIEM Windows Agent version 4.1.4 and below...
Moderate
Unreviewed
CVE-2021-41023
was published
May 24, 2022
MEDIA NAVI Inc SMACom v1.2 was discovered to contain an insecure session validation vulnerability...
Moderate
Unreviewed
CVE-2020-23036
was published
May 24, 2022
On systems running Arista EOS and CloudEOS with the affected release version, when using shared...
Moderate
Unreviewed
CVE-2021-28496
was published
May 24, 2022
Debug function of Admin UI of SAP Business One Integration is enabled by default. This allows...
Moderate
Unreviewed
CVE-2021-38179
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API