GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
160 advisories
If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH...
Moderate | Unreviewed | CVE-2020-12398 was published May 24, 2022

Passwords stored in plain text by Jenkins ReadyAPI Functional Testing Plugin
Moderate | CVE-2020-2250 was published for org.jenkins-ci.plugins:soapui-pro-functional-testing (Maven) May 24, 2022

An issue was discovered in Gradle Enterprise before 2020.2.5. Lack of the secure attribute on the...
Moderate | Unreviewed | CVE-2020-15767 was published May 24, 2022

On Juniper Networks SRX Series and NFX Series, a local authenticated user with access to the...
Moderate | Unreviewed | CVE-2020-1688 was published May 24, 2022

Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the...
Moderate | Unreviewed | CVE-2020-27650 was published May 24, 2022

A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption...
Moderate | Unreviewed | CVE-2020-8150 was published May 24, 2022

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all...
Moderate | Unreviewed | CVE-2020-7567 was published May 24, 2022

SAP AS JAVA (Key Storage Service), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, has the...
Moderate | Unreviewed | CVE-2020-26816 was published May 24, 2022

SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted.
Moderate | Unreviewed | CVE-2020-35658 was published May 24, 2022

IBM Security Guardium Insights 2.0.2 does not set the secure attribute on authorization tokens or...
Moderate | Unreviewed | CVE-2020-4597 was published May 24, 2022

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in (GTA) GoToAppliance...
Moderate | Unreviewed | CVE-2020-29024 was published May 24, 2022

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information,...
Moderate | Unreviewed | CVE-2019-4471 was published May 24, 2022

Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre...
Moderate | Unreviewed | CVE-2021-23211 was published May 24, 2022

IBM Resilient SOAR V38.0 could allow a local privileged attacker to obtain sensitive information...
Moderate | Unreviewed | CVE-2021-20567 was published May 24, 2022

Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert (all...
Moderate | Unreviewed | CVE-2021-22782 was published May 24, 2022

MagicMotion Flamingo 2 lacks BLE encryption, enabling data sniffing and packet forgery.
Moderate | Unreviewed | CVE-2020-12730 was published May 24, 2022

LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client...
Moderate | Unreviewed | CVE-2021-3882 was published May 24, 2022

On systems running Arista EOS and CloudEOS with the affected release version, when using shared...
Moderate | Unreviewed | CVE-2021-28496 was published May 24, 2022

The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions....
Moderate | Unreviewed | CVE-2021-35236 was published May 24, 2022

Meross Smart Wi-Fi 2 Way Wall Switch (MSS550X), on its 3.1.3 version and before, creates an open...
Moderate | Unreviewed | CVE-2021-3774 was published May 24, 2022

User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed.
Moderate | Unreviewed | CVE-2021-27783 was published May 26, 2022

In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have...
Moderate | Unreviewed | CVE-2021-40650 was published Jun 15, 2022

Insecure cookies in Openshift Origin
Moderate | CVE-2015-3207 was published for github.com/openshift/origin (Go) Jul 8, 2022

In multiple functions of StorageManagerService.java and UserManagerService.java, there is a...
Moderate | Unreviewed | CVE-2022-20219 was published Jul 14, 2022

In Esri Portal for ArcGIS versions 10.8.1, a system property is not properly encrypted. This may...
Moderate | Unreviewed | CVE-2022-38194 was published Aug 17, 2022
ProTip! Advisories are also available from the GraphQL API.