GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,614
Composer 4,224
Erlang 31
GitHub Actions 19
Go 1,990
Maven 5,170
npm 3,706
NuGet 661
pip 3,336
Pub 11
RubyGems 884
Rust 845
Swift 36

Unreviewed advisories

All unreviewed 234,385

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

144 advisories

Filter by severity

Sort by

Least recently updated

Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache... Critical Unreviewed

CVE-2024-44000 was published Oct 20, 2024

A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub... Critical Unreviewed

CVE-2024-6118 was published Aug 5, 2024

Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity... Critical Unreviewed

CVE-2017-9248 was published May 13, 2022

GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1... Critical Unreviewed

CVE-2024-37051 was published Jun 10, 2024

H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router's... Critical Unreviewed

CVE-2024-32238 was published Apr 22, 2024

The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP ... Critical Unreviewed

CVE-2019-17393 was published May 24, 2022

TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source... Critical Unreviewed

CVE-2023-27132 was published Oct 17, 2023

NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient... Critical Unreviewed

CVE-2023-25531 was published Sep 20, 2023

In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the... Critical Unreviewed

CVE-2023-20965 was published Aug 14, 2023

An isssue in GatesAIr Flexiva FM Transmitter/Exiter Fax 150W allows a remote attacker to gain... Critical Unreviewed

CVE-2023-36082 was published Aug 3, 2023

Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file.... Critical Unreviewed

CVE-2023-34128 was published Jul 13, 2023

The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security... Critical Unreviewed

CVE-2022-4693 was published Jul 6, 2023

A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all... Critical Unreviewed

CVE-2023-26204 was published Jun 13, 2023

This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 ... Critical Unreviewed

CVE-2023-1778 was published Apr 27, 2023

A vulnerability in the expo.io framework allows an attacker to take over accounts and steal... Critical Unreviewed

CVE-2023-28131 was published Apr 24, 2023

A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the... Critical Unreviewed

CVE-2019-1384 was published May 24, 2022

Mida eFramework through 2.9.0 has a back door that permits a change of the administrative... Critical Unreviewed

CVE-2020-15921 was published May 24, 2022

All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have encryption problems... Critical Unreviewed

CVE-2019-3431 was published May 24, 2022

An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU... Critical Unreviewed

CVE-2019-14929 was published May 24, 2022

Dynacolor FCM-MB40 v1.2.0.0 use /etc/appWeb/appweb.pass to store administrative web-interface... Critical Unreviewed

CVE-2019-13400 was published May 24, 2022

LemonLDAP::NG -2.0.3 has Incorrect Access Control. Critical Unreviewed

CVE-2019-12046 was published May 24, 2022

CloudBees Jenkins Operations Center 2.150.2.3, when an expired trial license exists, allows... Critical Unreviewed

CVE-2019-11350 was published May 24, 2022

** UNSUPPORTED WHEN ASSIGNED ** The firmware of the PLANET Technology Corp NVR-915 and NVR-1615... Critical Unreviewed

CVE-2020-26097 was published May 24, 2022

Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command... Critical Unreviewed

CVE-2024-21815 was published Mar 5, 2024

An issue was discovered in Fresenius Kabi PharmaHelp 5.1.759.0 allows attackers to gain escalated... Critical Unreviewed

CVE-2022-45611 was published Aug 22, 2023

Previous 1 2 3 4 5 6 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

144 advisories