Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

331 advisories

Loading
Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who... Moderate Unreviewed
CVE-2022-34837 was published Aug 25, 2022
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a... Moderate Unreviewed
CVE-2020-25184 was published Mar 19, 2022
McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a local attacker to... Moderate Unreviewed
CVE-2022-0859 was published Mar 24, 2022
An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is storage of Passwords in a... Moderate Unreviewed
CVE-2021-45892 was published Apr 6, 2022
In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected fields Moderate Unreviewed
CVE-2022-28651 was published Apr 6, 2022
Dell PowerScale OneFS, versions 8.2.2 and above, contain a password disclosure vulnerability. An... Moderate Unreviewed
CVE-2022-22550 was published Apr 13, 2022
IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a remote attacker to obtain... Moderate Unreviewed
CVE-2021-39026 was published Feb 19, 2022
A flaw was found in Ansible Galaxy Collections. When collections are built manually, any files in... Moderate Unreviewed
CVE-2021-3681 was published Apr 19, 2022
IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a... Moderate Unreviewed
CVE-2022-41732 was published Nov 28, 2022
A malicious actor having access to the exported configuration file may obtain the stored... Moderate Unreviewed
CVE-2022-27179 was published Apr 21, 2022
A flaw was found in Red Hat Quay, where it does not properly protect the authorization token when... Moderate Unreviewed
CVE-2020-27831 was published May 24, 2022
A vulnerability in the disaster recovery feature of Cisco SD-WAN vManage Software could allow an... Moderate Unreviewed
CVE-2021-1589 was published May 24, 2022
Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets,... Moderate Unreviewed
CVE-2021-3130 was published May 24, 2022
SAP GUI for Windows, version - 7.60, allows an attacker to spoof logon credentials for... Moderate Unreviewed
CVE-2021-21448 was published May 24, 2022
1Password SCIM Bridge before 1.6.2 mishandles validation of requests for log files. Moderate Unreviewed
CVE-2021-26905 was published May 24, 2022
NCH Quorum v2.03 and earlier allows local users to discover cleartext login information relating... Moderate Unreviewed
CVE-2021-37452 was published May 24, 2022
A remote disclosure of privileged information vulnerability was discovered in Aruba ClearPass... Moderate Unreviewed
CVE-2021-29138 was published May 24, 2022
DEPSTECH WiFi Digital Microscope 3 has a default SSID of Jetion_xxxxxxxx with a password of... Moderate Unreviewed
CVE-2020-12732 was published May 24, 2022
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain... Moderate Unreviewed
CVE-2020-35454 was published May 24, 2022
Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows... Moderate Unreviewed
CVE-2021-32003 was published May 24, 2022
In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, attackers are able to retrieve... Moderate Unreviewed
CVE-2021-31857 was published May 24, 2022
An API issue in Accessibility TCC permissions was addressed with improved state management. This... Moderate Unreviewed
CVE-2021-1873 was published May 24, 2022
Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text... Moderate Unreviewed
CVE-2022-29085 was published Jun 3, 2022
An information disclosure issue exist in D-LINK-DIR-615 B2 2.01mt. An attacker can obtain a user... Moderate Unreviewed
CVE-2021-40654 was published May 24, 2022
Debug function of Admin UI of SAP Business One Integration is enabled by default. This allows... Moderate Unreviewed
CVE-2021-38179 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database