Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,198
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,702
NuGet
660
pip
3,328
Pub
11
RubyGems
883
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+

21 advisories

Loading
The health endpoint is public so everybody can see a list of all services. It is potentially... Critical Unreviewed
CVE-2024-9798 was published Oct 10, 2024
Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp... Critical Unreviewed
CVE-2024-8644 was published Sep 27, 2024
No-IP Dynamic Update Client (DUC) v3.x uses cleartext credentials that may occur on a command... Critical Unreviewed
CVE-2024-40457 was published Sep 12, 2024
The decrypted configuration file contains the password in cleartext which is used to configure... Critical Unreviewed
CVE-2024-36497 was published Jun 24, 2024
Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM ... Critical Unreviewed
CVE-2023-41095 was published Oct 26, 2023
Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 version, the exploitation... Critical Unreviewed
CVE-2023-2809 was published Oct 4, 2023
An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as... Critical Unreviewed
CVE-2023-31069 was published Sep 11, 2023
Connected IO v2.1.0 and prior keeps passwords and credentials in clear-text format, allowing... Critical Unreviewed
CVE-2023-33373 was published Aug 4, 2023
Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could... Critical Unreviewed
CVE-2022-3089 was published Feb 13, 2023
A vulnerability has been identified in QMS Automotive (All versions). User credentials are stored... Critical Unreviewed
CVE-2022-43958 was published Nov 8, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions. Critical Unreviewed
CVE-2020-15332 was published Sep 30, 2022
Rancher API and cluster.management.cattle.io object vulnerable to plaintext storage and exposure of credentials Critical
CVE-2021-36782 was published for github.com/rancher/rancher (Go) Sep 23, 2022
Proxy functionality built into Hubs Cloud’s Reticulum software allowed access to internal URLs,... Critical Unreviewed
CVE-2021-29954 was published May 24, 2022
TronLink Wallet 2.2.0 stores user wallet keystore in plaintext and places them in insecure... Critical Unreviewed
CVE-2019-13096 was published May 24, 2022
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before... Critical Unreviewed
CVE-2018-18641 was published May 13, 2022
Sensitive Information Stored in Clear Text in Moxa ThingsPro IIoT Gateway and Device Management... Critical Unreviewed
CVE-2018-18394 was published May 13, 2022
In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, the OAuth token used by the... Critical Unreviewed
CVE-2017-5250 was published May 13, 2022
In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android app, the OAuth token used... Critical Unreviewed
CVE-2017-5249 was published May 13, 2022
The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010)... Critical Unreviewed
CVE-2019-0285 was published May 13, 2022
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F... Critical Unreviewed
CVE-2022-25158 was published Apr 3, 2022
An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix... Critical Unreviewed
CVE-2022-26148 was published Mar 22, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database