GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
351 advisories
Zebra Industrial Printers All Versions, Zebra printers are shipped with unrestricted end-user...
High, Unreviewed. CVE-2019-10960 was published May 24, 2022

CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to...
High, Unreviewed. CVE-2019-3800 was published May 24, 2022

Calamares through 3.2.4 copies a LUKS encryption keyfile from /crypto_keyfile.bin (mode 0600...
High, Unreviewed. CVE-2019-13179 was published May 24, 2022

In JetBrains Hub versions earlier than 2018.4.11298, the audit events for SMTPSettings show a...
High, Unreviewed. CVE-2019-12847 was published May 24, 2022

Cloud Foundry BOSH 267.x versions prior to v267.14.0, and BOSH 270.x versions prior to v270.1.1,...
High, Unreviewed. CVE-2019-11271 was published May 24, 2022

Kyocera Command Center RX TASKalfa4501i and TASKalfa5052ci allows remote attackers to abuse the...
High, Unreviewed. CVE-2019-6452 was published May 24, 2022

An issue was discovered in Carel pCOWeb prior to B1.2.4. In /config/pw_changeusers.html the...
High, Unreviewed. CVE-2019-11369 was published May 24, 2022

The Android mobile application BlueCats Reveal before 3.0.19 stores the username and password in...
High, Unreviewed. CVE-2019-5626 was published May 24, 2022

The iOS mobile application BlueCats Reveal before 5.14 stores the username and password in the...
High, Unreviewed. CVE-2019-5627 was published May 24, 2022

** DISPUTED ** SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and...
High, Unreviewed. CVE-2020-27986 was published May 24, 2022

In IQrouter through 3.3.1, there is a root user without a password, which allows attackers to...
High, Unreviewed. CVE-2020-11965 was published May 24, 2022

An issue was discovered on Nescomed Multipara Monitor M1000 devices. The physical UART debug port...
High, Unreviewed. CVE-2020-15483 was published May 24, 2022

CGI Script Center News Update 1.1 does not properly validate the original news administration...
High, Unreviewed. CVE-2000-0944 was published Apr 30, 2022

admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to bypass authentication by...
High, Unreviewed. CVE-2005-3435 was published May 1, 2022

profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of...
High, Unreviewed. CVE-2007-0681 was published May 1, 2022

CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized...
High, Unreviewed. CVE-2023-27975 was published Feb 14, 2024

Networker 19.9 and all prior versions contains a Plain-text Password stored in temporary config...
High, Unreviewed. CVE-2024-22432 was published Jan 25, 2024

Apache Kylin has Insufficiently Protected Credentials
High. CVE-2023-29055 was published for org.apache.kylin:kylin-core-common (Maven) Jan 29, 2024

Jenkins Artifactory Plugin stored old directly entered credentials unencrypted on disk
High. CVE-2018-1000424 was published for org.jenkins-ci.plugins:artifactory (Maven) May 13, 2022

Jenkins SonarQube Scanner Plugin stored server authentication token in plain text
High. CVE-2018-1000425 was published for org.jenkins-ci.plugins:sonar (Maven) May 13, 2022

Jenkins Kmap Plugin stores credentials in plain text
High. CVE-2019-10294 was published for org.jenkins-ci.plugins:kmap-jenkins (Maven) May 13, 2022

Jenkins StarTeam Plugin stores credentials in plain text
High. CVE-2019-10277 was published for hudson.plugins:starteam (Maven) May 13, 2022

Jenkins Assembla Auth Plugin stores credentials in plain text
High. CVE-2019-10280 was published for org.jenkins-ci.plugins:assembla-auth (Maven) May 13, 2022

Jenkins Crowd 2 Integration Plugin stored credentials in plain text
High. CVE-2018-1000423 was published for org.jenkins-ci.plugins:crowd2 (Maven) May 13, 2022

The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords,...
High, Unreviewed. CVE-2023-6421 was published Jan 1, 2024