GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
349 advisories
An unauthorized user with network access and the decryption key could decrypt sensitive data,...
High | Unreviewed | CVE-2022-38469 was published Jan 18, 2023

In freeradius, the EAP-PWD function compute_password_element() leaks information about the...
High | Unreviewed | CVE-2022-41859 was published Jan 17, 2023

Under some circumstances an Insufficiently Protected Credentials vulnerability in Johnson...
High | Unreviewed | CVE-2021-36204 was published Jan 13, 2023

Prosys OPC UA Simulation Server version prior to v5.3.0-64 and UA Modbus Server versions 1.4.18-5...
High | Unreviewed | CVE-2022-2967 was published Jan 4, 2023

Some Dahua software products have a vulnerability of unauthenticated request of MQTT credentials....
High | Unreviewed | CVE-2022-45423 was published Dec 27, 2022

Craft CMS discloses password hashes
High | CVE-2022-37783 was published for craftcms/cms (Composer), Dec 5, 2022

Apache Dolphin Scheduler has insufficiently protected credentials
High | CVE-2022-26885 was published for org.apache.dolphinscheduler:dolphinscheduler-common (Maven), Nov 24, 2022

Insufficiently protected credentials in software in Intel(R) AMT SDK before version 16.0.4.1,...
High | Unreviewed | CVE-2022-26341 was published Nov 11, 2022

A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3...
High | Unreviewed | CVE-2022-41575 was published Oct 21, 2022

On cSRX Series devices software permission issues in the container filesystem and stored files...
High | Unreviewed | CVE-2022-22251 was published Oct 18, 2022

A flaw was found in the RHDM, where sensitive HTML form fields like Password has auto-complete...
High | Unreviewed | CVE-2019-14840 was published Oct 17, 2022

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2),...
High | Unreviewed | CVE-2022-38465 was published Oct 11, 2022

IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in...
High | Unreviewed | CVE-2022-39168 was published Sep 30, 2022

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated update_all_realm_license API.
High | Unreviewed | CVE-2020-15341 was published Sep 30, 2022

Chipolo ONE Bluetooth tracker (2020) Chipolo iOS app version 4.13.0 is vulnerable to Incorrect...
High | Unreviewed | CVE-2022-37193 was published Sep 28, 2022

A flaw was found in the Foreman project. The Datacenter plugin exposes the password through the...
High | Unreviewed | CVE-2021-20260 was published Aug 27, 2022

Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who...
High | Unreviewed | CVE-2022-34838 was published Aug 25, 2022

Incorrect implementation of lockout feature in Keycloak
High | CVE-2021-3513 was published for org.keycloak:keycloak-parent (Maven), Aug 23, 2022

Insufficiently protected credentials in the Intel(R) Datacenter Group Event iOS application, all...
High | Unreviewed | CVE-2022-30296 was published Aug 19, 2022

Insufficiently protected credentials in the installation binaries for Intel(R) SEAPI in all...
High | Unreviewed | CVE-2022-26844 was published Aug 19, 2022

D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Static...
High | Unreviewed | CVE-2022-36524 was published Aug 16, 2022

In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to...
High | Unreviewed | CVE-2022-31205 was published Jul 27, 2022

On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices,...
High | Unreviewed | CVE-2022-28371 was published Jul 15, 2022

Implemented protections on AWS credentials that were not properly protected.
High | Unreviewed | CVE-2022-22998 was published Jul 13, 2022

The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords as plain text in its...
High | Unreviewed | CVE-2022-1794 was published Jul 12, 2022