GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,099
Composer 4,077
Erlang 29
GitHub Actions 19
Go 1,903
Maven 5,100
npm 3,632
NuGet 638
pip 3,249
Pub 10
RubyGems 864
Rust 818
Swift 35

Unreviewed advisories

All unreviewed 228,470

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

1,009 advisories

Filter by severity

Sort by

Least recently updated

In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the... Critical Unreviewed

CVE-2023-20965 was published Aug 14, 2023

Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin vulnerable to exposure of system-scoped credentials Moderate

CVE-2023-40347 was published for org.jenkins-ci.plugins:maven-artifact-choicelistprovider (Maven) Aug 16, 2023

Jenkins Delphix Plugin vulnerable to exposure of system-scoped credentials Moderate

CVE-2023-40345 was published for org.jenkins-ci.plugins:delphix (Maven) Aug 16, 2023

Incorrect access control in Zoho ManageEngine ADManager Plus Build 7180 allows unauthenticated... Moderate Unreviewed

CVE-2023-31492 was published Aug 18, 2023

An issue was discovered in Fresenius Kabi PharmaHelp 5.1.759.0 allows attackers to gain escalated... Critical Unreviewed

CVE-2022-45611 was published Aug 22, 2023

A pass-back vulnerability exists where an authenticated, remote attacker with administrator... Moderate Unreviewed

CVE-2023-3251 was published Aug 29, 2023

IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores... Moderate Unreviewed

CVE-2023-32338 was published Sep 5, 2023

Insecure Permissions vulnerability in Sichuan Tianyi Kanghe Communication Co., Ltd China Telecom... Moderate Unreviewed

CVE-2023-41010 was published Sep 14, 2023

NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient... Critical Unreviewed

CVE-2023-25531 was published Sep 20, 2023

NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient... High Unreviewed

CVE-2023-25532 was published Sep 20, 2023

** UNSUPPPORTED WHEN ASSIGNED ** The web application stores credentials in clear text in the ... Moderate Unreviewed

CVE-2022-47561 was published Sep 20, 2023

PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was... High Unreviewed

CVE-2023-43630 was published Sep 20, 2023

On boot, the Pillar eve container checks for the existence and content of “/config... High Unreviewed

CVE-2023-43631 was published Sep 21, 2023

On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig... High Unreviewed

CVE-2023-43633 was published Sep 21, 2023

When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are... High Unreviewed

CVE-2023-43634 was published Sep 21, 2023

OpenStack Barbican credential leak flaw Moderate

CVE-2023-1633 was published for barbican (pip) Sep 24, 2023

Sensitive information disclosure due to insufficient token field masking. The following products... Low Unreviewed

CVE-2023-44158 was published Sep 27, 2023

An insufficiently protected credentials vulnerability has been reported to affect QVPN Device... Moderate Unreviewed

CVE-2023-23370 was published Oct 6, 2023

Certain credentials within the BigFix Patch Management Download Plug-ins are stored insecurely... Moderate Unreviewed

CVE-2022-42451 was published Oct 11, 2023

BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to... High Unreviewed

CVE-2022-44757 was published Oct 11, 2023

BigFix Insights/IVR fixlet uses improper credential handling within certain fixlet content. An... Moderate Unreviewed

CVE-2022-44758 was published Oct 11, 2023

SnapGathers versions prior to 4.9 are susceptible to a vulnerability which could allow a local... Moderate Unreviewed

CVE-2023-27315 was published Oct 12, 2023

Eaton easySoft software is used to program easy controllers and displays for configuring,... Moderate Unreviewed

CVE-2023-43777 was published Oct 17, 2023

TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source... Critical Unreviewed

CVE-2023-27132 was published Oct 17, 2023

A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers... High Unreviewed

CVE-2023-5552 was published Oct 18, 2023

Previous 1 2 … 35 36 37 38 39 40 41 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

1,009 advisories