Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,939
Maven
5,000+
npm
3,677
NuGet
643
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

163 advisories

Loading
Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre... Moderate Unreviewed
CVE-2021-23211 was published May 24, 2022
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information,... Moderate Unreviewed
CVE-2019-4471 was published May 24, 2022
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in (GTA) GoToAppliance... Moderate Unreviewed
CVE-2020-29024 was published May 24, 2022
IBM Security Guardium Insights 2.0.2 does not set the secure attribute on authorization tokens or... Moderate Unreviewed
CVE-2020-4597 was published May 24, 2022
SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted. Moderate Unreviewed
CVE-2020-35658 was published May 24, 2022
SAP AS JAVA (Key Storage Service), versions - 7.10, 7.11, 7.20 ,7.30, 7.31, 7.40, 7.50, has the... Moderate Unreviewed
CVE-2020-26816 was published May 24, 2022
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all... Moderate Unreviewed
CVE-2020-7567 was published May 24, 2022
A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption... Moderate Unreviewed
CVE-2020-8150 was published May 24, 2022
Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the... Moderate Unreviewed
CVE-2020-27650 was published May 24, 2022
On Juniper Networks SRX Series and NFX Series, a local authenticated user with access to the... Moderate Unreviewed
CVE-2020-1688 was published May 24, 2022
An issue was discovered in Gradle Enterprise before 2020.2.5. Lack of the secure attribute on the... Moderate Unreviewed
CVE-2020-15767 was published May 24, 2022
Passwords stored in plain text by Jenkins ReadyAPI Functional Testing Plugin Moderate
CVE-2020-2250 was published for org.jenkins-ci.plugins:soapui-pro-functional-testing (Maven) May 24, 2022
NotMyFault
If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH... Moderate Unreviewed
CVE-2020-12398 was published May 24, 2022
SolarWinds Serv-U File Server before 15.2.1 mishandles the Same-Site cookie attribute, aka Case... Moderate Unreviewed
CVE-2020-15574 was published May 24, 2022
Nordic Semiconductor Android BLE Library through 2.2.1 and DFU Library through 1.10.4 for Android... Moderate Unreviewed
CVE-2020-15509 was published May 24, 2022
In Argent RecoveryManager before 0xdc350d09f71c48c5D22fBE2741e4d6A03970E192, the executeRecovery... Moderate Unreviewed
CVE-2020-15302 was published May 24, 2022
If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted.... Moderate Unreviewed
CVE-2020-12801 was published May 24, 2022
An issue was discovered in Ignite Realtime Spark 2.8.3 (and the ROAR plugin for it) on Windows. A... Moderate Unreviewed
CVE-2020-12772 was published May 24, 2022
OpenStack Keystone does not check signature TTL of the EC2 credential auth method Moderate
CVE-2020-12692 was published for keystone (pip) May 24, 2022
On BIG-IP ASM 11.6.1-11.6.5.1, under certain configurations, the BIG-IP system sends data plane... Moderate Unreviewed
CVE-2020-5879 was published May 24, 2022
In JetBrains GoLand before 2019.3.2, the plugin repository was accessed via HTTP instead of HTTPS. Moderate Unreviewed
CVE-2020-11685 was published May 24, 2022
Users can lock their notes with a password in Memono version 3.8. Thus, users needs to know a... Moderate Unreviewed
CVE-2020-11826 was published May 24, 2022
A CSRF token disclosure vulnerability allows a remote attacker, with access to an authenticated... Moderate Unreviewed
CVE-2019-18376 was published May 24, 2022
Arm Mbed TLS before 2.6.15 allows attackers to obtain sensitive information (an RSA private key)... Moderate Unreviewed
CVE-2020-10941 was published May 24, 2022
NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data rendered within web pages. It... Moderate Unreviewed
CVE-2019-16063 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database