Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

33 advisories

Loading
[PUNCIA] [CWE-319] Cleartext Transmission of Sensitive Information via HTTP urls in `API_URLS` Low
CVE-2024-41124 was published for puncia (pip) Jul 19, 2024
SCH227 g147
IBM Security Verify Information Queue 10.0.4 and 10.0.5 stores sensitive information in plain... Low Unreviewed
CVE-2023-33833 was published Aug 31, 2023
A vulnerability has been found in MaximaTech Portal Executivo 21.9.1.140 and classified as... Low Unreviewed
CVE-2023-4384 was published Aug 16, 2023
Missing encryption in the RFID tag of Digoo DG-HAMB Smart Home Security System v1.0 allows... Low Unreviewed
CVE-2023-39842 was published Aug 15, 2023
Missing encryption in the RFID tag of Suleve 5-in-1 Smart Door Lock v1.0 allows attackers to... Low Unreviewed
CVE-2023-39843 was published Aug 15, 2023
IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and... Low Unreviewed
CVE-2023-33849 was published Jun 8, 2023
A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed... Low Unreviewed
CVE-2020-8173 was published May 24, 2022
Secret stored in plain text by Jenkins Parameterized Remote Trigger Plugin Low
CVE-2020-2239 was published for org.jenkins-ci.plugins:Parameterized-Remote-Trigger (Maven) May 24, 2022
NotMyFault
Credentials stored in plain text by Jenkins tfs Plugin Low
CVE-2020-2249 was published for org.jenkins-ci.plugins:tfs (Maven) May 24, 2022
NotMyFault
For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header.... Low Unreviewed
CVE-2019-19090 was published May 24, 2022
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through... Low Unreviewed
CVE-2019-4398 was published May 24, 2022
Diagnostics Agent in Solution Manager, version 7.2, stores several credentials such as SLD user... Low Unreviewed
CVE-2019-0307 was published May 24, 2022
Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan... Low Unreviewed
CVE-2018-6674 was published May 13, 2022
In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices... Low Unreviewed
CVE-2018-8864 was published May 13, 2022
Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials in plain text Low
CVE-2019-1003052 was published for org.jenkins-ci.plugins:aws-beanstalk-publisher-plugin (Maven) May 13, 2022
Jenkins IRC Plugin stores credentials in plain text Low
CVE-2019-1003051 was published for org.jvnet.hudson.plugins:ircbot (Maven) May 13, 2022
Jenkins OWASP ZAP Plugin stores unencrypted credentials Low
CVE-2019-1003060 was published for org.jenkins-ci.plugins:zap (Maven) May 13, 2022
Jenkins Bitbucket Approve Plugin stores credentials in plain text Low
CVE-2019-1003057 was published for org.jenkins-ci.plugins:bitbucket-approve (Maven) May 13, 2022
Jenkins Aqua Security Scanner Plugin stores credentials in plain text Low
CVE-2019-1003069 was published for org.jenkins-ci.plugins:aqua-security-scanner (Maven) May 13, 2022
Jenkins Amazon SNS Build Notifier Plugin stores credentials in plain text Low
CVE-2019-1003063 was published for org.jenkins-ci.plugins:snsnotify (Maven) May 13, 2022
Jenkins veracode-scanner Plugin stores credentials in plain text Low
CVE-2019-1003070 was published for org.jenkins-ci.plugins:veracode-scanner (Maven) May 13, 2022
Jenkins aws-device-farm Plugin stores credentials in plain text Low
CVE-2019-1003064 was published for org.jenkins-ci.plugins:aws-device-farm (Maven) May 13, 2022
Jenkins FTP publisher Plugin stores credentials in plain text Low
CVE-2019-1003055 was published for org.jvnet.hudson.plugins:ftppublisher (Maven) May 13, 2022
Jenkins Bugzilla Plugin stores credentials in plain text Low
CVE-2019-1003066 was published for org.jvnet.hudson.plugins:bugzilla (Maven) May 13, 2022
Jenkins AWS CloudWatch Logs Publisher Plugin stores credentials in plain text Low
CVE-2019-1003062 was published for org.jenkins-ci.plugins:aws-cloudwatch-logs-publisher (Maven) May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database