Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,218
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

149 advisories

Loading
Unisys Cargo Mobile Application before 1.2.29 uses cleartext to store sensitive information,... High Unreviewed
CVE-2021-43388 was published Dec 15, 2021
Plaintext storage of a password vulnerability in IDEC PLCs (FC6A Series MICROSmart All-in-One CPU... High Unreviewed
CVE-2021-20827 was published Dec 25, 2021
Charactell - FormStorm Enterprise Account takeover – An attacker can modify (add, remove and... High Unreviewed
CVE-2022-22789 was published Jan 26, 2022
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct... High Unreviewed
CVE-2021-42642 was published Feb 9, 2022
A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS... High Unreviewed
CVE-2021-40363 was published Feb 10, 2022
A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores... High Unreviewed
CVE-2021-3551 was published Feb 17, 2022
" Insecure password storage issue.The application stores sensitive information in cleartext... High Unreviewed
CVE-2021-27757 was published Mar 5, 2022
There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions... High Unreviewed
CVE-2009-5068 was published Apr 21, 2022
VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account's password locally on the device and... High Unreviewed
CVE-2021-36460 was published Apr 26, 2022
Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file,... High Unreviewed
CVE-2001-1481 was published Apr 30, 2022
D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file,... High Unreviewed
CVE-2005-1828 was published May 1, 2022
During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions... High Unreviewed
CVE-2022-28214 was published May 12, 2022
Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to discover cleartext... High Unreviewed
CVE-2016-0876 was published May 13, 2022
Amazon AWS SDK <=2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS... High Unreviewed
CVE-2018-19981 was published May 13, 2022
Pilz PNOZmulti Configurator prior to version 10.9 allows an authenticated attacker with local... High Unreviewed
CVE-2018-19009 was published May 13, 2022
Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which... High Unreviewed
CVE-2018-12572 was published May 13, 2022
The Milwaukee ONE-KEY Android mobile application stores the master token in plaintext in the apk... High Unreviewed
CVE-2017-3214 was published May 13, 2022
IBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive... High Unreviewed
CVE-2018-1877 was published May 13, 2022
389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive... High Unreviewed
CVE-2018-10871 was published May 13, 2022
A vulnerability in the Policy and Charging Rules Function (PCRF) of the Cisco Policy Suite (CPS)... High Unreviewed
CVE-2018-0089 was published May 13, 2022
An Cleartext Storage of Sensitive Information issue was discovered in General Motors (GM) and... High Unreviewed
CVE-2017-9663 was published May 13, 2022
IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user credentials in plain in... High Unreviewed
CVE-2017-1309 was published May 13, 2022
Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows... High Unreviewed
CVE-2017-13663 was published May 13, 2022
The "Photo,Video Locker-Calculator" application 12.0 for Android has android:allowBackup="true"... High Unreviewed
CVE-2017-16835 was published May 13, 2022
In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to... High Unreviewed
CVE-2018-9065 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database