Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

226 advisories

Loading
Django allows unprivileged users to read the password hashes of arbitrary accounts Moderate
CVE-2018-16984 was published for django (pip) Oct 3, 2018
sunSUNQ
Insufficiently Protected Credentials in Requests High
CVE-2018-18074 was published for requests (pip) Oct 29, 2018
Insufficiently Protected Credentials and Improper Authentication in Spring Security High
CVE-2019-11272 was published for org.springframework.security:spring-security-cas (Maven) Jun 27, 2019
Insufficiently Protected Credentials in Pivotal Reactor Netty High
CVE-2019-11284 was published for io.projectreactor.netty:reactor-netty (Maven) Oct 23, 2019
Insufficiently Protected Credentials in Apache Tomcat High
CVE-2019-12418 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Dec 26, 2019
Insufficient Nonce Validation in Eclipse Milo Client High
CVE-2019-19135 was published for org.eclipse.milo:sdk-client (Maven) Mar 16, 2020
Information disclosure through error object in auth0.js High
CVE-2020-5263 was published for auth0-js (npm) Apr 10, 2020
Private key leak in Apache CXF High
CVE-2019-12423 was published for org.apache.cxf:apache-cxf (Maven) May 22, 2020
django-nopassword stores secrets in cleartext High
CVE-2019-10682 was published for django-nopassword (pip) Jun 5, 2020
Sensitive data exposure in NATS High
CVE-2020-26149 was published for nats (npm) Oct 8, 2020
Insufficiently Protected Credentials in Elasticsearch Moderate
CVE-2021-22132 was published for org.elasticsearch:elasticsearch (Maven) Mar 18, 2021
Client TLS credentials sent raw to server in npm package nats Critical
GHSA-prmc-5v5w-c465 was published for nats (npm) Apr 6, 2021
Improper permission handling in Apache Solr High
CVE-2021-29262 was published for org.apache.solr:solr-core (Maven) May 10, 2021
Basic-auth app bundle credential exposure in gatsby-source-wordpress High
CVE-2021-32770 was published for gatsby-source-wordpress (npm) Jul 19, 2021
Scrapy HTTP authentication credentials potentially leaked to target websites Moderate
CVE-2021-41125 was published for Scrapy (pip) Oct 6, 2021
Opencast publishes global system account credentials High
CVE-2018-16153 was published for org.opencastproject:opencast-common (Maven) Dec 14, 2021
gregorydlogan lkiesow
smarquard
In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin. High
CVE-2021-45457 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
Password stored in plain text by Jenkins Publish Over SSH Plugin Low
CVE-2022-23114 was published for org.jenkins-ci.plugins:publish-over-ssh (Maven) Jan 13, 2022
NotMyFault MarkLee131
Improper credentials masking in Jenkins HashiCorp Vault Plugin Moderate
CVE-2022-23109 was published for com.datapipe.jenkins.plugins:hashicorp-vault-plugin (Maven) Jan 13, 2022
NotMyFault
Access key stored in plain text by Jenkins Metrics Plugin Moderate
CVE-2022-20621 was published for org.jenkins-ci.plugins:metrics (Maven) Jan 13, 2022
westonsteimel
Password exposure in ShenYu High
CVE-2022-23223 was published for org.apache.shenyu:shenyu-common (Maven) Jan 28, 2022
tdunlap607
Insufficiently Protected Credentials in Apache Superset Moderate
CVE-2021-44451 was published for apache-superset (pip) Feb 2, 2022
Insufficiently Protected Credentials in Reactor Netty Moderate
CVE-2020-5404 was published for io.projectreactor.netty:reactor-netty-http (Maven) Feb 10, 2022
containerd v1.2.x can be coerced into leaking credentials during image pull Moderate
CVE-2020-15157 was published for github.com/containerd/containerd (Go) Feb 11, 2022
bgeesaman joshlarsen
IanColdwater mauilion raesene
containers/image library Insufficiently Protects Credentials Moderate
CVE-2019-10214 was published for github.com/containers/image (Go) Feb 15, 2022
ProTip! Advisories are also available from the GraphQL API