Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

446 advisories

Loading
Missing Encryption of Sensitive DataCAPEC- vulnerability in Genians Genian NAC V4.0, Genians... Moderate Unreviewed
CVE-2023-40251 was published Aug 17, 2023
A vulnerability has been found in MaximaTech Portal Executivo 21.9.1.140 and classified as... Low Unreviewed
CVE-2023-4384 was published Aug 16, 2023
Missing encryption in the RFID tag of Suleve 5-in-1 Smart Door Lock v1.0 allows attackers to... Low Unreviewed
CVE-2023-39843 was published Aug 15, 2023
Missing encryption in the RFID tag of Digoo DG-HAMB Smart Home Security System v1.0 allows... Low Unreviewed
CVE-2023-39842 was published Aug 15, 2023
Missing encryption in the RFID tag of Etekcity 3-in-1 Smart Door Lock v1.0 allows attackers to... Moderate Unreviewed
CVE-2023-39841 was published Aug 15, 2023
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated,... Moderate Unreviewed
CVE-2023-37858 was published Aug 9, 2023
MindsDB can be made to not verify SSL certificates Critical
CVE-2023-38699 was published for MindsDB (pip) Aug 1, 2023
truesoni
twitch-tui's connection is not encrypted High
CVE-2023-38688 was published for twitch-tui (Rust) Jul 31, 2023
Roger
The data flowing between the PCU and its modules is insecure. A threat actor with physical access... Moderate Unreviewed
CVE-2023-30561 was published Jul 13, 2023
An issue found in KEISEI STORE Co, Ltd. LIVRE KEISEI v.13.6.1 allows a remote attacker to gain... High Unreviewed
CVE-2023-31819 was published Jul 13, 2023
An issue found in Shizutetsu Store v.13.6.1 allows a remote attacker to gain access to sensitive... High Unreviewed
CVE-2023-31820 was published Jul 13, 2023
An issue found in Inageya v.13.4.1 allows a remote attacker to gain access to sensitive... High Unreviewed
CVE-2023-31825 was published Jul 13, 2023
An issue found in Entetsu Store v.13.4.1 allows a remote attacker to gain access to sensitive... High Unreviewed
CVE-2023-31822 was published Jul 13, 2023
Jenkins Active Directory Plugin vulnerable to Active Directory credential disclosure Moderate
CVE-2023-37943 was published for org.jenkins-ci.plugins:active-directory (Maven) Jul 12, 2023
Memory management and protection issues in Bitcoin Core v22 allows attackers to modify the stored... High Unreviewed
CVE-2023-37192 was published Jul 7, 2023
Hitron Technologies CODA-5310’s Telnet function transfers sensitive data in plaintext. An... High Unreviewed
CVE-2023-30602 was published Jul 6, 2023
HashiCorp Boundary Workers Store Rotated Credentials in Plaintext Even When Key Management Service Configured High
CVE-2023-0690 was published for github.com/hashicorp/boundary (Go) Jul 6, 2023
The physical IoT device of the AliveCor's KardiaMobile, a smartphone-based personal... High Unreviewed
CVE-2022-41627 was published Jul 6, 2023
IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and... Low Unreviewed
CVE-2023-33849 was published Jun 8, 2023
An issue was discovered in BMC Patrol before 22.1.00. The agent's configuration can be remotely... High Unreviewed
CVE-2023-34258 was published May 31, 2023
Dell CloudIQ Collector version 1.10.2 contains a missing encryption of sensitive data... High Unreviewed
CVE-2023-28045 was published May 19, 2023
Jenkins Ansible Plugin stores and displays secrets in plain text Moderate
CVE-2023-32982 was published for org.jenkins-ci.plugins:ansible (Maven) May 16, 2023
AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific... Moderate Unreviewed
CVE-2023-21404 was published May 8, 2023
The myMail app through 14.30 for iOS sends cleartext credentials in a situation where STARTTLS is... High Unreviewed
CVE-2023-32290 was published May 7, 2023
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is unsecured read access... Moderate Unreviewed
CVE-2023-22948 was published Apr 13, 2023
ProTip! Advisories are also available from the GraphQL API