GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,133
Erlang: 29
GitHub Actions: 19
Go: 1,940
Maven: 5,000+
npm: 3,677
NuGet: 645
pip: 3,295
Pub: 11
RubyGems: 877
Rust: 830
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
286 advisories

BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to...
Severity: High (Unreviewed). CVE-2022-44757 was published Oct 11, 2023.

When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are...
Severity: High (Unreviewed). CVE-2023-43634 was published Sep 21, 2023.

On boot, the Pillar eve container checks for the existence and content of “/config...
Severity: High (Unreviewed). CVE-2023-43631 was published Sep 21, 2023.

On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig...
Severity: High (Unreviewed). CVE-2023-43633 was published Sep 21, 2023.

PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was...
Severity: High (Unreviewed). CVE-2023-43630 was published Sep 20, 2023.

NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient...
Severity: High (Unreviewed). CVE-2023-25532 was published Sep 20, 2023.

Plaintext Storage of a Password vulnerability in Infodrom Software E-Invoice Approval System...
Severity: High (Unreviewed). CVE-2023-35067 was published Jul 25, 2023.

An issue was discovered in cmseasy v7.0.0 that allows user credentials to be sent in clear text...
Severity: High (Unreviewed). CVE-2020-18406 was published Jun 27, 2023.

The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password...
Severity: High (Unreviewed). CVE-2022-47376 was published Jun 13, 2023.

The local Vuforia web application does not support HTTPS, and federated credentials are passed...
Severity: High (Unreviewed). CVE-2023-29168 was published Jun 8, 2023.

IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it...
Severity: High (Unreviewed). CVE-2023-22862 was published Jun 5, 2023.

In WFTPD 3.25, usernames and password hashes are stored in an openly viewable wftpd.ini...
Severity: High (Unreviewed). CVE-2023-33263 was published May 25, 2023.

Milesight NCR/camera version 71.8.0.6-r5 exposes credentials through an unspecified request. ...
Severity: High (Unreviewed). CVE-2023-24506 was published May 8, 2023.

Plaintext Password in Registry vulnerability in 42gears surelock windows surelockwinsetupv2.40...
Severity: High (Unreviewed). CVE-2023-2335 was published Apr 27, 2023.

Sangoma FreePBX 1805 through 2302 (when obtained as a .ISO file) places AMPDBUSER, AMPDBPASS,...
Severity: High (Unreviewed). CVE-2023-26567 was published Apr 26, 2023.

An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules
Severity: High (Unreviewed). CVE-2023-28089 was published Apr 25, 2023.

An HPE OneView appliance dump may expose SAN switch administrative credentials
Severity: High (Unreviewed). CVE-2023-28088 was published Apr 25, 2023.

Ribose RNP before 0.15.1 does not implement a required step in a cryptographic algorithm,...
Severity: High (Unreviewed). CVE-2021-33589 was published Apr 21, 2023.

Plaintext Storage of a Password vulnerability in Secomea GateManager (USB wizard) allows...
Severity: High (Unreviewed). CVE-2022-4308 was published Apr 19, 2023.

Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows...
Severity: High (Unreviewed). CVE-2023-25760 was published Apr 19, 2023.

Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have read access...
Severity: High (Unreviewed). CVE-2023-25407 was published Apr 11, 2023.

Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. The device allows unauthenticated...
Severity: High (Unreviewed). CVE-2023-25413 was published Apr 11, 2023.

In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in...
Severity: High (Unreviewed). CVE-2022-48433 was published Mar 29, 2023.

CP Plus KVMS Pro versions 2.01.0.T.190521 and prior are vulnerable to sensitive credentials being...
Severity: High (Unreviewed). CVE-2023-1518 was published Mar 28, 2023.

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in...
Severity: High (Unreviewed). CVE-2023-1137 was published Mar 27, 2023.

ProTip! Advisories are also available from the GraphQL API.