GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,009 advisories

Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command...
Critical | Unreviewed | CVE-2024-21815 was published Mar 5, 2024

The database access credentials configured during installation are stored in a special table, and...
Moderate | Unreviewed | CVE-2023-4538 was published Feb 15, 2024

CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized...
High | Unreviewed | CVE-2023-27975 was published Feb 14, 2024

A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed...
Moderate | Unreviewed | CVE-2024-23306 was published Feb 14, 2024

IBM CICS TX Standard and Advanced 11.1 could allow a user with physical access to the web browser...
Moderate | Unreviewed | CVE-2022-34311 was published Feb 12, 2024

IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which...
Moderate | Unreviewed | CVE-2024-22312 was published Feb 10, 2024

Apache Solr can leak certain passwords due to System Property redaction logic inconsistencies
Moderate | CVE-2023-50291 was published for org.apache.solr:solr-core (Maven) Feb 9, 2024

Allegro AI ClearML Stores Credentials in Plaintext in MongoDB Instance
Moderate | CVE-2024-24595 was published for clearml (pip) Feb 6, 2024

In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product stores...
Moderate | Unreviewed | CVE-2024-21869 was published Feb 2, 2024

Apache Kylin has Insufficiently Protected Credentials
High | CVE-2023-29055 was published for org.apache.kylin:kylin-core-common (Maven) Jan 29, 2024

Networker 19.9 and all prior versions contains a Plain-text Password stored in temporary config...
High | Unreviewed | CVE-2024-22432 was published Jan 25, 2024

Missing Password Field Masking vulnerability in Hitachi Device Manager on Windows, Linux (Device...
Moderate | Unreviewed | CVE-2023-49106 was published Jan 16, 2024

A default engineer password set on the Hozard alarm system (Alarmsysteem) v1.0 allows an attacker...
Moderate | Unreviewed | CVE-2023-50125 was published Jan 11, 2024

An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to...
Moderate | Unreviewed | CVE-2023-29447 was published Jan 10, 2024

The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords,...
High | Unreviewed | CVE-2023-6421 was published Jan 1, 2024

In Network Element Manager in NOKIA NFM-T R19.9, an Unprotected Storage of Credentials...
Moderate | Unreviewed | CVE-2022-39820 was published Dec 25, 2023

IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text...
Moderate | Unreviewed | CVE-2023-47741 was published Dec 18, 2023

A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an...
Moderate | Unreviewed | CVE-2023-6791 was published Dec 13, 2023

Password stored in a recoverable format by Jenkins OpenId Connect Authentication Plugin
Moderate | CVE-2023-50770 was published for org.jenkins-ci.plugins:oic-auth (Maven) Dec 13, 2023

IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be...
Moderate | Unreviewed | CVE-2023-47722 was published Dec 9, 2023

Exposure of Proxy Administrator Credentials
An authenticated administrator equivalent Filr user...
High | Unreviewed | CVE-2023-32268 was published Dec 6, 2023

Data leak of password hash through change requests
High | CVE-2023-49280 was published for org.xwiki.contrib.changerequest:application-changerequest-default (Maven) Dec 5, 2023

An Insecure Credential Management issue discovered in Connectize AC21000 G6 641.139.1.1256 allows...
Moderate | Unreviewed | CVE-2023-24047 was published Dec 5, 2023

Dell DM5500 5.14.0.0, contain a Plain-text Password Storage Vulnerability in PPOE. A local...
Moderate | Unreviewed | CVE-2023-44300 was published Dec 4, 2023

Jenkins Jira Plugin vulnerable to exposure of system-scoped credentials
Moderate | CVE-2023-49653 was published for org.jenkins-ci.plugins:jira (Maven) Nov 29, 2023

ProTip! Advisories are also available from the GraphQL API