GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
529 advisories
Eclipse Dataspace Components vulnerable to OAuth2 client secret disclosure
Moderate | CVE-2024-4536 was published for org.eclipse.edc:connector-core (Maven) May 7, 2024

Use of reversible password encryption algorithm allows attackers to decrypt passwords. Sensitive...
Moderate | Unreviewed | CVE-2024-3543 was published May 2, 2024

Dell OpenManage Enterprise, versions 4.0.0 and 4.0.1, contains a sensitive information disclosure...
Moderate | Unreviewed | CVE-2024-28961 was published Apr 29, 2024

Azure Identity Library for .NET Information Disclosure Vulnerability
Moderate | CVE-2024-29992 was published for Azure.Identity (NuGet) Apr 9, 2024

A vulnerability in Cisco Nexus Dashboard could allow an authenticated, local attacker with valid...
Moderate | Unreviewed | CVE-2024-20282 was published Apr 3, 2024

System->Maintenance-> Log Files in dotCMS dashboard is providing the username/password for...
Moderate | Unreviewed | CVE-2024-3165 was published Apr 2, 2024

IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication...
Moderate | Unreviewed | CVE-2023-50311 was published Mar 31, 2024

Exposed IOCTL with insufficient access control issue exists in cg6kwin2k.sys prior to 2.1.7.0. By...
Moderate | Unreviewed | CVE-2024-29216 was published Mar 25, 2024

IBM Host Access Transformation Services (HATS) 9.6 through 9.6.1.4 and 9.7 through 9.7.0.3 stores...
Moderate | Unreviewed | CVE-2021-38938 was published Mar 15, 2024

An issue was discovered in Couchbase Server before 7.2.4. ns_server admin credentials are leaked...
Moderate | Unreviewed | CVE-2023-50436 was published Feb 29, 2024

The database access credentials configured during installation are stored in a special table, and...
Moderate | Unreviewed | CVE-2023-4538 was published Feb 15, 2024

A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed...
Moderate | Unreviewed | CVE-2024-23306 was published Feb 14, 2024

IBM CICS TX Standard and Advanced 11.1 could allow a user with physical access to the web browser...
Moderate | Unreviewed | CVE-2022-34311 was published Feb 12, 2024

IBM DataStage on Cloud Pak for Data 4.0.6 to 4.5.2 stores sensitive credential information that...
Moderate | Unreviewed | CVE-2022-38714 was published Feb 12, 2024

IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which...
Moderate | Unreviewed | CVE-2024-22312 was published Feb 10, 2024

Allegro AI ClearML Stores Credentials in Plaintext in MongoDB Instance
Moderate | CVE-2024-24595 was published for clearml (pip) Feb 6, 2024

In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product stores...
Moderate | Unreviewed | CVE-2024-21869 was published Feb 2, 2024

HPE OneView may have a missing passphrase during restore.
Moderate | Unreviewed | CVE-2023-6573 was published Jan 23, 2024

Missing Password Field Masking vulnerability in Hitachi Device Manager on Windows, Linux (Device...
Moderate | Unreviewed | CVE-2023-49106 was published Jan 16, 2024

A default engineer password set on the Hozard alarm system (Alarmsysteem) v1.0 allows an attacker...
Moderate | Unreviewed | CVE-2023-50125 was published Jan 11, 2024

An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to...
Moderate | Unreviewed | CVE-2023-29447 was published Jan 10, 2024

In Network Element Manager in NOKIA NFM-T R19.9, an Unprotected Storage of Credentials...
Moderate | Unreviewed | CVE-2022-39820 was published Dec 25, 2023

IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text...
Moderate | Unreviewed | CVE-2023-47741 was published Dec 18, 2023

A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an...
Moderate | Unreviewed | CVE-2023-6791 was published Dec 13, 2023

Password stored in a recoverable format by Jenkins OpenId Connect Authentication Plugin
Moderate | CVE-2023-50770 was published for org.jenkins-ci.plugins:oic-auth (Maven) Dec 13, 2023