Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

169 advisories

Loading
The physical IoT device of the AliveCor's KardiaMobile, a smartphone-based personal... High Unreviewed
CVE-2022-41627 was published Jul 6, 2023
there is a possible use of unencrypted transport over cellular networks due to an insecure... High Unreviewed
CVE-2023-21219 was published Jun 28, 2023
there is a possible use of unencrypted transport over cellular networks due to an insecure... High Unreviewed
CVE-2023-21220 was published Jun 28, 2023
A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to... High Unreviewed
CVE-2023-31410 was published Jun 19, 2023
SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File... High Unreviewed
CVE-2023-23841 was published Jun 16, 2023
Atlas Copco Power Focus 6000 web server is not a secure connection by default, which could allow... High Unreviewed
CVE-2023-1899 was published Jun 12, 2023
An issue was discovered in Faronics Insight 10.0.19045 on Windows. A suitably positioned attacker... High Unreviewed
CVE-2023-28348 was published May 31, 2023
Snap One OvrC Pro versions prior to 7.3 use HTTP connections when downloading a... High Unreviewed
CVE-2023-31193 was published May 22, 2023
In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory... High Unreviewed
CVE-2023-32784 was published May 15, 2023
An issue was discovered in vTech VCS754 version 1.1.1.A before 1.1.1.H, allows attackers to gain... High Unreviewed
CVE-2023-25437 was published Apr 27, 2023
In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials... High Unreviewed
CVE-2023-1802 was published Apr 6, 2023
Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. OpenIDM and Java... High Unreviewed
CVE-2023-1656 was published Mar 29, 2023
Information Disclosure in Authentication Component of ScreenCheck BadgeMaker 2.6.2.0 application... High Unreviewed
CVE-2022-45546 was published Feb 15, 2023
LS ELECTRIC XBC-DN32U with operating system version 01.80 transmits sensitive information in... High Unreviewed
CVE-2023-22806 was published Feb 15, 2023
A cleartext transmission vulnerability exists in the web application functionality of Moxa SDS... High Unreviewed
CVE-2022-40693 was published Feb 7, 2023
Couchbase Server before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2 exposes Sensitive... High Unreviewed
CVE-2023-25016 was published Feb 6, 2023
A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep... High Unreviewed
CVE-2022-43551 was published Dec 23, 2022
When clicking on a tel: link, USSD codes, specified after a <code>\*</code> character, would be... High Unreviewed
CVE-2022-22758 was published Dec 22, 2022
In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol... High Unreviewed
CVE-2022-47895 was published Dec 22, 2022
** DISPUTED ** A vulnerability was found in whohas. It has been rated as problematic. This issue... High Unreviewed
CVE-2021-4258 was published Dec 19, 2022
Web Based Quiz System v1.0 transmits user passwords in plaintext during the authentication... High Unreviewed
CVE-2022-44411 was published Nov 25, 2022
UPSMON PRO transmits sensitive data in cleartext over HTTP protocol. An unauthenticated remote... High Unreviewed
CVE-2022-38122 was published Nov 10, 2022
Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25... High Unreviewed
CVE-2021-45447 was published Nov 2, 2022
In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using... High Unreviewed
CVE-2022-42916 was published Oct 29, 2022
Communication traffic involving "Ethernet Q Commands" service of Haas Controller version 100.20... High Unreviewed
CVE-2022-41636 was published Oct 28, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database