GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,009 advisories
Filter by severity
Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in...
Critical
Unreviewed
CVE-2017-13771
was published
May 13, 2022
ownCloud iOS app before 3.4.4 does not properly switch state between multiple instances, which...
Moderate
Unreviewed
CVE-2015-5955
was published
May 13, 2022
NEC Univerge Sv9100 WebPro 6.00.00 devices have Cleartext Password Storage in the Web UI.
Critical
Unreviewed
CVE-2018-11742
was published
May 13, 2022
ARRIS SBG6580-2 D30GW-SEAEAGLE-1.5.2.5-GA-00-NOSH devices allow remote attackers to discover...
Critical
Unreviewed
CVE-2018-20386
was published
May 13, 2022
ARRIS DG950A 7.10.145 and DG950S 7.10.145.EURO devices allow remote attackers to discover...
Critical
Unreviewed
CVE-2018-20383
was published
May 13, 2022
The IBM Security Access Manager appliance includes configuration files that contain obfuscated...
Moderate
Unreviewed
CVE-2015-5013
was published
May 13, 2022
Schneider Electric StruxureWare Building Expert MPM before 2.15 does not use encryption for the...
Moderate
Unreviewed
CVE-2015-3962
was published
May 13, 2022
An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs...
Critical
Unreviewed
CVE-2017-6028
was published
May 13, 2022
An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and...
Moderate
Unreviewed
CVE-2016-9360
was published
May 13, 2022
An exploitable clear text transmission of password vulnerability exists in the web server and...
High
Unreviewed
CVE-2017-12123
was published
May 13, 2022
A password storage vulnerability exists in the operating system functionality of Moxa EDR-810 V4...
Moderate
Unreviewed
CVE-2017-12127
was published
May 13, 2022
An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3...
Critical
Unreviewed
CVE-2022-28005
was published
May 7, 2022
D-Link DIR-100 4.03B07 has PPTP and poe information disclosure
Moderate
Unreviewed
CVE-2013-7055
was published
May 5, 2022
D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script
Moderate
Unreviewed
CVE-2013-7052
was published
May 5, 2022
CloudForms stores user passwords in recoverable format
Moderate
Unreviewed
CVE-2013-4423
was published
May 5, 2022
Exposure of repository credentials to external third-party sources in Rancher
High
CVE-2021-36778
was published
for
github.com/rancher/rancher
(Go)
May 2, 2022
profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of...
High
Unreviewed
CVE-2007-0681
was published
May 1, 2022
admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to bypass authentication by...
High
Unreviewed
CVE-2005-3435
was published
May 1, 2022
CGI Script Center News Update 1.1 does not properly validate the original news administration...
High
Unreviewed
CVE-2000-0944
was published
Apr 30, 2022
Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access...
High
Unreviewed
CVE-1999-0013
was published
Apr 30, 2022
Claws Mail vCalendar plugin: credentials exposed on interface
Moderate
Unreviewed
CVE-2012-5527
was published
Apr 23, 2022
Dell EMC Repository Manager version 3.4.0 contains a plain-text password storage vulnerability. A...
High
Unreviewed
CVE-2022-26856
was published
Apr 22, 2022
A malicious actor having access to the exported configuration file may obtain the stored...
Moderate
Unreviewed
CVE-2022-27179
was published
Apr 21, 2022
A flaw was found in Ansible Galaxy Collections. When collections are built manually, any files in...
Moderate
Unreviewed
CVE-2021-3681
was published
Apr 19, 2022
Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701,...
High
Unreviewed
CVE-2022-29457
was published
Apr 19, 2022
ProTip!
Advisories are also available from the
GraphQL API