GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,009 advisories
Jenkins Azure PublisherSettings Credentials Plugin stored credentials in plain text
Low | CVE-2019-10303 was published for org.jenkins-ci.plugins:azure-publishersettings-credentials (Maven) | May 24, 2022

Jenkins jira-ext Plugin stores credentials unencrypted
High | CVE-2019-10302 was published for org.jenkins-ci.plugins:jira-ext (Maven) | May 24, 2022

Mobotix Control Center (MxCC) through 2.5.4.5 has Insufficiently Protected Credentials, Storing...
High | Unreviewed | CVE-2022-30018 was published | May 20, 2022

Insufficiently Protected Credentials in Jenkins Pipeline SCM API for Blue Ocean Plugin
Moderate | CVE-2022-30952 was published for io.jenkins.blueocean:blueocean-pipeline-scm-api (Maven) | May 18, 2022

Ansible sets unsafe permissions for sources.list
Moderate | CVE-2014-4659 was published for ansible (pip) | May 17, 2022

rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable
Moderate | Unreviewed | CVE-2014-0241 was published | May 17, 2022

The default configuration of Tridium Niagara AX Framework through 3.6 uses a cleartext base64...
Moderate | Unreviewed | CVE-2012-3025 was published | May 17, 2022

Tridium Niagara AX Framework does not properly store credential data, which allows context...
High | Unreviewed | CVE-2012-4028 was published | May 17, 2022

Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does...
Moderate | Unreviewed | CVE-2012-5627 was published | May 17, 2022

python-keystoneclient vulnerable to context confusion in Keystone auth_token middleware
Moderate | CVE-2014-0105 was published for python-keystoneclient (pip) | May 17, 2022

Konica Minolta bizhub MFP devices before 2022-04-14 use cleartext password storage for the /var...
High | Unreviewed | CVE-2022-29588 was published | May 17, 2022

Konica Minolta bizhub MFP devices before 2022-04-14 have an internal Chromium browser that...
Moderate | Unreviewed | CVE-2022-29587 was published | May 17, 2022

Jenkins AWS CodeDeploy Plugin has Insufficiently Protected Credentials
Moderate | CVE-2018-1000402 was published for com.amazonaws:codedeploy (Maven) | May 14, 2022

Account takeover in facturascripts
Critical | CVE-2022-1715 was published for facturascripts/facturascripts (Composer) | May 14, 2022

An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the SNMP...
Moderate | Unreviewed | CVE-2018-9280 was published | May 13, 2022

An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the user's...
Moderate | Unreviewed | CVE-2018-9279 was published | May 13, 2022

SiCKRAGE Discloses Plaintext Credentials
Critical | CVE-2018-9160 was published for sickrage (pip) | May 13, 2022

The login interface on TNLSoftSolutions Sentry Vision 3.x devices provides password disclosure by...
Critical | Unreviewed | CVE-2018-9031 was published | May 13, 2022

In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions...
High | Unreviewed | CVE-2018-7782 was published | May 13, 2022

An issue was discovered in D-Link mydlink+ 3.8.5 build 259 for DCS-933L 1.05.04 and DCS-934L 1.05...
High | Unreviewed | CVE-2018-7698 was published | May 13, 2022

Easy Hosting Control Panel (EHCP) v0.37.12.b allows attackers to obtain sensitive information by...
High | Unreviewed | CVE-2018-6618 was published | May 13, 2022

An issue was discovered on D-Link DIR-601 B1 2.02NA devices. Being on the same local network as,...
High | Unreviewed | CVE-2018-5708 was published | May 13, 2022

The F5 BIG-IP Controller for Kubernetes 1.0.0-1.5.0 (k8s-bigip-crtl) passes BIG-IP username and...
High | Unreviewed | CVE-2018-5543 was published | May 13, 2022

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11...
High | Unreviewed | CVE-2018-4190 was published | May 13, 2022

An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue...
High | Unreviewed | CVE-2018-4170 was published | May 13, 2022
ProTip! Advisories are also available from the GraphQL API.