Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

282 advisories

Loading
PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was... High Unreviewed
CVE-2023-43630 was published Sep 20, 2023
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient... High Unreviewed
CVE-2023-25532 was published Sep 20, 2023
Plaintext Storage of a Password vulnerability in Infodrom Software E-Invoice Approval System... High Unreviewed
CVE-2023-35067 was published Jul 25, 2023
An issue was discovered in cmseasy v7.0.0 that allows user credentials to be sent in clear text... High Unreviewed
CVE-2020-18406 was published Jun 27, 2023
The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password... High Unreviewed
CVE-2022-47376 was published Jun 13, 2023
The local Vuforia web application does not support HTTPS, and federated credentials are passed... High Unreviewed
CVE-2023-29168 was published Jun 8, 2023
IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it... High Unreviewed
CVE-2023-22862 was published Jun 5, 2023
In WFTPD 3.25, usernames and password hashes are stored in an openly viewable wftpd.ini... High Unreviewed
CVE-2023-33263 was published May 25, 2023
Milesight NCR/camera version 71.8.0.6-r5 exposes credentials through an unspecified request. ... High Unreviewed
CVE-2023-24506 was published May 8, 2023
Plaintext Password in Registry vulnerability in 42gears surelock windows surelockwinsetupv2.40... High Unreviewed
CVE-2023-2335 was published Apr 27, 2023
Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) places AMPDBUSER, AMPDBPASS,... High Unreviewed
CVE-2023-26567 was published Apr 26, 2023
An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules High Unreviewed
CVE-2023-28089 was published Apr 25, 2023
An HPE OneView appliance dump may expose SAN switch administrative credentials High Unreviewed
CVE-2023-28088 was published Apr 25, 2023
Ribose RNP before 0.15.1 does not implement a required step in a cryptographic algorithm,... High Unreviewed
CVE-2021-33589 was published Apr 21, 2023
Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows... High Unreviewed
CVE-2023-25760 was published Apr 19, 2023
Plaintext Storage of a Password vulnerability in Secomea GateManager (USB wizard) allows... High Unreviewed
CVE-2022-4308 was published Apr 19, 2023
Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have read access... High Unreviewed
CVE-2023-25407 was published Apr 11, 2023
Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. The device allows unauthenticated... High Unreviewed
CVE-2023-25413 was published Apr 11, 2023
In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in... High Unreviewed
CVE-2022-48433 was published Mar 29, 2023
CP Plus KVMS Pro versions 2.01.0.T.190521 and prior are vulnerable to sensitive credentials being... High Unreviewed
CVE-2023-1518 was published Mar 28, 2023
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in... High Unreviewed
CVE-2023-1137 was published Mar 27, 2023
Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F... High Unreviewed
CVE-2023-0457 was published Mar 3, 2023
TIANJIE CPE906-3 is vulnerable to password disclosure. This is present on Software Version WEB5... High Unreviewed
CVE-2022-47703 was published Feb 17, 2023
An insufficiently protected credentials in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5,... High Unreviewed
CVE-2022-40678 was published Feb 16, 2023
An uspecified endpoint in the web server of the switch does not properly authenticate the user... High Unreviewed
CVE-2023-24498 was published Feb 15, 2023
ProTip! Advisories are also available from the GraphQL API