Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,324
Erlang
31
GitHub Actions
21
Go
2,084
Maven
5,000+
npm
3,747
NuGet
674
pip
3,435
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+

1,070 advisories

Loading
Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins Moderate
CVE-2022-31130 was published for github.com/grafana/grafana (Go) May 14, 2024
joaxcar
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions ... Moderate Unreviewed
CVE-2024-35208 was published Jun 11, 2024
Apereo CAS vulnerable to credential leaks for LDAP authentication Moderate
CVE-2023-28857 was published for org.apereo.cas:cas-server-support-x509-core (Maven) Aug 5, 2024
The Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all... High Unreviewed
CVE-2024-7389 was published Aug 2, 2024
Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access... High Unreviewed
CVE-1999-0013 was published Apr 30, 2022
Insecure storage of the ICT MIFARE and DESFire encryption keys in the firmware binary allows... High Unreviewed
CVE-2024-29941 was published May 7, 2024
An Insecure Credential Management issue discovered in Connectize AC21000 G6 641.139.1.1256 allows... Moderate Unreviewed
CVE-2023-24047 was published Dec 5, 2023
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It performs... High Unreviewed
CVE-2019-20470 was published May 24, 2022
Siklu TG Terragraph devices before 2.1.1 allow attackers to discover valid, randomly generated... High Unreviewed
CVE-2022-47037 was published Mar 18, 2024
An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25. Authentication to the... High Unreviewed
CVE-2020-11925 was published May 24, 2022
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an... High Unreviewed
CVE-2020-29583 was published May 24, 2022
Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity... Critical Unreviewed
CVE-2017-9248 was published May 13, 2022
The Avalara for Salesforce CPQ app before 7.0 for Salesforce allows attackers to read an API key.... High Unreviewed
CVE-2024-38453 was published Jul 3, 2024
Docker CLI leaks private registry credentials to registry-1.docker.io Moderate
CVE-2021-41092 was published for github.com/docker/cli (Go) Jun 10, 2024
GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1... Critical Unreviewed
CVE-2024-37051 was published Jun 10, 2024
Jenkins Telegram Bot Plugin stores the Telegram Bot token in plaintext Low
CVE-2024-34147 was published for org.jenkins-ci.plugins:telegrambot (Maven) May 2, 2024
HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header.  This... Low Unreviewed
CVE-2024-30119 was published Jun 15, 2024
H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router's... Critical Unreviewed
CVE-2024-32238 was published Apr 22, 2024
The webserver utilizes basic authentication for its user login to the configuration interface. As... High Unreviewed
CVE-2023-41926 was published Jul 2, 2024
In JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile... Moderate Unreviewed
CVE-2024-39879 was published Jul 1, 2024
In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App... Moderate Unreviewed
CVE-2024-39878 was published Jul 1, 2024
In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site Moderate Unreviewed
CVE-2024-38505 was published Jun 18, 2024
Utilizing default credentials, an attacker is able to log into the camera's operating system... Unknown Unreviewed
CVE-2024-38282 was published Jun 13, 2024
Logs storing credentials are insufficiently protected and can be decoded through the use of open... Unknown Unreviewed
CVE-2024-38285 was published Jun 13, 2024
Password hash exposed in CraftCMS two factor authentication plugin Low
CVE-2024-5657 was published for born05/craft-twofactorauthentication (Composer) Jun 6, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database