Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,939
Maven
5,000+
npm
3,677
NuGet
643
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

450 advisories

Loading
Passwords stored in plain text by Jenkins ReadyAPI Functional Testing Plugin Moderate
CVE-2020-2250 was published for org.jenkins-ci.plugins:soapui-pro-functional-testing (Maven) May 24, 2022
NotMyFault
Credentials stored in plain text by Jenkins tfs Plugin Low
CVE-2020-2249 was published for org.jenkins-ci.plugins:tfs (Maven) May 24, 2022
NotMyFault
Secret stored in plain text by Jenkins Parameterized Remote Trigger Plugin Low
CVE-2020-2239 was published for org.jenkins-ci.plugins:Parameterized-Remote-Trigger (Maven) May 24, 2022
NotMyFault
If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH... Moderate Unreviewed
CVE-2020-12398 was published May 24, 2022
SolarWinds Serv-U File Server before 15.2.1 mishandles the Same-Site cookie attribute, aka Case... Moderate Unreviewed
CVE-2020-15574 was published May 24, 2022
Nordic Semiconductor Android BLE Library through 2.2.1 and DFU Library through 1.10.4 for Android... Moderate Unreviewed
CVE-2020-15509 was published May 24, 2022
In Argent RecoveryManager before 0xdc350d09f71c48c5D22fBE2741e4d6A03970E192, the executeRecovery... Moderate Unreviewed
CVE-2020-15302 was published May 24, 2022
MiR controllers across firmware versions 2.8.1.1 and before do not encrypt or protect in any way... High Unreviewed
CVE-2020-10273 was published May 24, 2022
If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted.... Moderate Unreviewed
CVE-2020-12801 was published May 24, 2022
An issue was discovered in Ignite Realtime Spark 2.8.3 (and the ROAR plugin for it) on Windows. A... Moderate Unreviewed
CVE-2020-12772 was published May 24, 2022
OpenStack Keystone does not check signature TTL of the EC2 credential auth method Moderate
CVE-2020-12692 was published for keystone (pip) May 24, 2022
OpenStack Keystone V3 /credentials endpoint policy logic allows to change credentials owner or target project ID High
CVE-2020-12691 was published for keystone (pip) May 24, 2022
On BIG-IP ASM 11.6.1-11.6.5.1, under certain configurations, the BIG-IP system sends data plane... Moderate Unreviewed
CVE-2020-5879 was published May 24, 2022
In JetBrains GoLand before 2019.3.2, the plugin repository was accessed via HTTP instead of HTTPS. Moderate Unreviewed
CVE-2020-11685 was published May 24, 2022
Users can lock their notes with a password in Memono version 3.8. Thus, users needs to know a... Moderate Unreviewed
CVE-2020-11826 was published May 24, 2022
A CSRF token disclosure vulnerability allows a remote attacker, with access to an authenticated... Moderate Unreviewed
CVE-2019-18376 was published May 24, 2022
Universal Robots control box CB 3.1 across firmware versions (tested on 1.12.1, 1.12, 1.11 and 1... High Unreviewed
CVE-2020-10267 was published May 24, 2022
For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header.... Low Unreviewed
CVE-2019-19090 was published May 24, 2022
Arm Mbed TLS before 2.6.15 allows attackers to obtain sensitive information (an RSA private key)... Moderate Unreviewed
CVE-2020-10941 was published May 24, 2022
NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data rendered within web pages. It... Moderate Unreviewed
CVE-2019-16063 was published May 24, 2022
NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data stored within the SQL database... Moderate Unreviewed
CVE-2019-16062 was published May 24, 2022
An issue was detected in ONAP Portal through Dublin. By executing a padding oracle attack using... Moderate Unreviewed
CVE-2019-12121 was published May 24, 2022
An issue was discovered in Wing FTP Server 6.2.5 before February 2020. Due to insecure... Moderate Unreviewed
CVE-2020-9470 was published May 24, 2022
The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6... Moderate Unreviewed
CVE-2015-0558 was published May 24, 2022
DTEN D5 before 1.3 and D7 before 1.3 devices transfer customer data files via unencrypted HTTP. Moderate Unreviewed
CVE-2019-16274 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database