Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,009 advisories

Loading
Jenkins Azure PublisherSettings Credentials Plugin stored credentials in plain text Low
CVE-2019-10303 was published for org.jenkins-ci.plugins:azure-publishersettings-credentials (Maven) May 24, 2022
Jenkins jira-ext Plugin stores credentials unencrypted High
CVE-2019-10302 was published for org.jenkins-ci.plugins:jira-ext (Maven) May 24, 2022
Mobotix Control Center (MxCC) through 2.5.4.5 has Insufficiently Protected Credentials, Storing... High Unreviewed
CVE-2022-30018 was published May 20, 2022
Insufficiently Protected Credentials in Jenkins Pipeline SCM API for Blue Ocean Plugin Moderate
CVE-2022-30952 was published for io.jenkins.blueocean:blueocean-pipeline-scm-api (Maven) May 18, 2022
NotMyFault
Ansible sets unsafe permissions for sources.list Moderate
CVE-2014-4659 was published for ansible (pip) May 17, 2022
rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable Moderate Unreviewed
CVE-2014-0241 was published May 17, 2022
The default configuration of Tridium Niagara AX Framework through 3.6 uses a cleartext base64... Moderate Unreviewed
CVE-2012-3025 was published May 17, 2022
Tridium Niagara AX Framework does not properly store credential data, which allows context... High Unreviewed
CVE-2012-4028 was published May 17, 2022
Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does... Moderate Unreviewed
CVE-2012-5627 was published May 17, 2022
python-keystoneclient vulnerable to context confusion in Keystone auth_token middleware Moderate
CVE-2014-0105 was published for python-keystoneclient (pip) May 17, 2022
Konica Minolta bizhub MFP devices before 2022-04-14 use cleartext password storage for the /var... High Unreviewed
CVE-2022-29588 was published May 17, 2022
Konica Minolta bizhub MFP devices before 2022-04-14 have an internal Chromium browser that... Moderate Unreviewed
CVE-2022-29587 was published May 17, 2022
Jenkins AWS CodeDeploy Plugin has Insufficiently Protected Credentials Moderate
CVE-2018-1000402 was published for com.amazonaws:codedeploy (Maven) May 14, 2022
Account takeover in facturascripts Critical
CVE-2022-1715 was published for facturascripts/facturascripts (Composer) May 14, 2022
An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the SNMP... Moderate Unreviewed
CVE-2018-9280 was published May 13, 2022
An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the user's... Moderate Unreviewed
CVE-2018-9279 was published May 13, 2022
SiCKRAGE Discloses Plaintext Credentials Critical
CVE-2018-9160 was published for sickrage (pip) May 13, 2022
The login interface on TNLSoftSolutions Sentry Vision 3.x devices provides password disclosure by... Critical Unreviewed
CVE-2018-9031 was published May 13, 2022
In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions... High Unreviewed
CVE-2018-7782 was published May 13, 2022
An issue was discovered in D-Link mydlink+ 3.8.5 build 259 for DCS-933L 1.05.04 and DCS-934L 1.05... High Unreviewed
CVE-2018-7698 was published May 13, 2022
Easy Hosting Control Panel (EHCP) v0.37.12.b allows attackers to obtain sensitive information by... High Unreviewed
CVE-2018-6618 was published May 13, 2022
An issue was discovered on D-Link DIR-601 B1 2.02NA devices. Being on the same local network as,... High Unreviewed
CVE-2018-5708 was published May 13, 2022
The F5 BIG-IP Controller for Kubernetes 1.0.0-1.5.0 (k8s-bigip-crtl) passes BIG-IP username and... High Unreviewed
CVE-2018-5543 was published May 13, 2022
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11... High Unreviewed
CVE-2018-4190 was published May 13, 2022
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue... High Unreviewed
CVE-2018-4170 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API