Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,043 advisories

Loading
Users with appropriate file access may be able to access unencrypted user credentials saved by... Moderate Unreviewed
CVE-2021-32039 was published Jan 21, 2022
Insufficiently protected credentials vulnerability in 'TEPRA' PRO SR5900P Ver.1.080 and earlier... Moderate Unreviewed
CVE-2022-0184 was published Jan 18, 2022
Access key stored in plain text by Jenkins Metrics Plugin Moderate
CVE-2022-20621 was published for org.jenkins-ci.plugins:metrics (Maven) Jan 13, 2022
westonsteimel
Improper credentials masking in Jenkins HashiCorp Vault Plugin Moderate
CVE-2022-23109 was published for com.datapipe.jenkins.plugins:hashicorp-vault-plugin (Maven) Jan 13, 2022
NotMyFault
Password stored in plain text by Jenkins Publish Over SSH Plugin Low
CVE-2022-23114 was published for org.jenkins-ci.plugins:publish-over-ssh (Maven) Jan 13, 2022
NotMyFault MarkLee131
In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin. High
CVE-2021-45457 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses credentials for the smb... Moderate Unreviewed
CVE-2021-20164 was published Dec 31, 2021
Trendnet AC2600 TEW-827DRU version 2.08B01 leaks information via the ftp web page. Usernames and... Moderate Unreviewed
CVE-2021-20163 was published Dec 31, 2021
Netgear RAX43 version 1.0.3.96 does not have sufficient protections to the UART interface. A... High Unreviewed
CVE-2021-20168 was published Dec 31, 2021
Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive information in plaintext. All... High Unreviewed
CVE-2021-45077 was published Dec 31, 2021
An attacker may obtain the user credentials from the communication between the PLC and the... Critical Unreviewed
CVE-2021-37400 was published Dec 29, 2021
An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files... Critical Unreviewed
CVE-2021-37401 was published Dec 29, 2021
Unprotected transport of credentials vulnerability in IDEC PLCs (FC6A Series MICROSmart All-in... High Unreviewed
CVE-2021-20826 was published Dec 25, 2021
Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in... Moderate Unreviewed
CVE-2021-36317 was published Dec 22, 2021
Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text password storage... Moderate Unreviewed
CVE-2021-36318 was published Dec 22, 2021
Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile... High Unreviewed
CVE-2020-8968 was published Dec 18, 2021
KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in unattended mode) keeps the... Moderate Unreviewed
CVE-2021-45097 was published Dec 17, 2021
GGLocker iOS application, contains an insecure data storage of the password hash value which... Moderate Unreviewed
CVE-2021-3179 was published Dec 17, 2021
A vulnerability has been identified in ModelSim Simulation (All versions), Questa Simulation (All... Moderate Unreviewed
CVE-2021-42023 was published Dec 15, 2021
Opencast publishes global system account credentials High
CVE-2018-16153 was published for org.opencastproject:opencast-common (Maven) Dec 14, 2021
gregorydlogan lkiesow
smarquard
Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation via the passwd=1 substring. Moderate Unreviewed
CVE-2021-40857 was published Dec 14, 2021
An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker... Moderate Unreviewed
CVE-2021-37187 was published Dec 11, 2021
An unprotected ssh private key exists on the Gryphon devices which could be used to achieve root... Critical Unreviewed
CVE-2021-20146 was published Dec 10, 2021
There is a Credentials Management Errors vulnerability in Huawei Smartphone.Successful... High Unreviewed
CVE-2021-37075 was published Dec 9, 2021
Allegro WIndows 3.3.4152.0, embeds software administrator database credentials into its binary... High Unreviewed
CVE-2021-43978 was published Dec 9, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database