GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
446 advisories
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in (GTA) GoToAppliance...
Moderate | Unreviewed | CVE-2020-29024 was published May 24, 2022

Sensitive information disclosure and weak encryption in Pyrescom Termod4 time management devices...
High | Unreviewed | CVE-2020-23162 was published May 24, 2022

Skyworth GN542VF Boa version 0.94.13 does not set the Secure flag for the session cookie in an...
High | Unreviewed | CVE-2020-26732 was published May 24, 2022

IBM Security Guardium Insights 2.0.2 does not set the secure attribute on authorization tokens or...
Moderate | Unreviewed | CVE-2020-4597 was published May 24, 2022

The encryption function of NHIServiSignAdapter fail to verify the file path input by users....
High | Unreviewed | CVE-2020-25842 was published May 24, 2022

SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted.
Moderate | Unreviewed | CVE-2020-35658 was published May 24, 2022

** DISPUTED ** In Solstice Pod before 3.0.3, the firmware can easily be decompiled/disassembled....
High | Unreviewed | CVE-2020-35587 was published May 24, 2022

TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v10.0.2. If TLS 2.0 and...
High | Unreviewed | CVE-2020-14254 was published May 24, 2022

In isSubmittable and showWarningMessagesIfAppropriate of WifiConfigController.java and...
High | Unreviewed | CVE-2020-27055 was published May 24, 2022

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2...
High | Unreviewed | CVE-2020-28217 was published May 24, 2022

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2...
High | Unreviewed | CVE-2020-28216 was published May 24, 2022

SAP AS JAVA (Key Storage Service), versions - 7.10, 7.11, 7.20 ,7.30, 7.31, 7.40, 7.50, has the...
Moderate | Unreviewed | CVE-2020-26816 was published May 24, 2022

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all...
Moderate | Unreviewed | CVE-2020-7567 was published May 24, 2022

A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption...
Moderate | Unreviewed | CVE-2020-8150 was published May 24, 2022

A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed...
Low | Unreviewed | CVE-2020-8173 was published May 24, 2022

An issue existed with Siri Suggestions access to encrypted data. The issue was fixed by limiting...
High | Unreviewed | CVE-2020-9774 was published May 24, 2022

Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session...
High | Unreviewed | CVE-2020-27651 was published May 24, 2022

Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the...
Moderate | Unreviewed | CVE-2020-27650 was published May 24, 2022

On Juniper Networks SRX Series and NFX Series, a local authenticated user with access to the...
Moderate | Unreviewed | CVE-2020-1688 was published May 24, 2022

An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1....
High | Unreviewed | CVE-2020-15771 was published May 24, 2022

An issue was discovered in Gradle Enterprise before 2020.2.5. Lack of the secure attribute on the...
Moderate | Unreviewed | CVE-2020-15767 was published May 24, 2022

Passwords stored in plain text by Jenkins ReadyAPI Functional Testing Plugin
Moderate | CVE-2020-2250 was published for org.jenkins-ci.plugins:soapui-pro-functional-testing (Maven) May 24, 2022

Secret stored in plain text by Jenkins Parameterized Remote Trigger Plugin
Low | CVE-2020-2239 was published for org.jenkins-ci.plugins:Parameterized-Remote-Trigger (Maven) May 24, 2022

Credentials stored in plain text by Jenkins tfs Plugin
Low | CVE-2020-2249 was published for org.jenkins-ci.plugins:tfs (Maven) May 24, 2022

If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH...
Moderate | Unreviewed | CVE-2020-12398 was published May 24, 2022

ProTip! Advisories are also available from the GraphQL API.