Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,360
Erlang
33
GitHub Actions
22
Go
2,127
Maven
5,000+
npm
3,793
NuGet
683
pip
3,471
Pub
12
RubyGems
894
Rust
894
Swift
38
Unreviewed advisories
All unreviewed
5,000+

322 advisories

Loading
An issue in Shenzen Tenda Technology CP3V2.0 V11.10.00.2311090948 allows a local attacker to... Moderate Unreviewed
CVE-2024-24488 was published Feb 7, 2024
IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to... Moderate Unreviewed
CVE-2005-2160 was published May 1, 2022
The Huawei D100 stores the administrator's account name and password in cleartext in a cookie,... Moderate Unreviewed
CVE-2009-2272 was published May 2, 2022
The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1,... Moderate Unreviewed
CVE-2004-2397 was published Apr 29, 2022
Autogalaxy stores usernames and passwords in cleartext in cookies, which makes it easier for... Moderate Unreviewed
CVE-2001-1536 was published Apr 30, 2022
phpRank 1.8 stores the administrative password in plaintext on the server and in the "ap" cookie,... Moderate Unreviewed
CVE-2002-1800 was published Apr 30, 2022
Allegro AI ClearML Stores Credentials in Plaintext in MongoDB Instance Moderate
CVE-2024-24595 was published for clearml (pip) Feb 6, 2024
m3t3kh4n
The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores... Moderate Unreviewed
CVE-2001-1537 was published Apr 30, 2022
IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive... Moderate Unreviewed
CVE-2023-31002 was published Feb 7, 2024
A vulnerability in the logging component of Cisco Duo Authentication Proxy could allow an... Moderate Unreviewed
CVE-2023-20207 was published Jul 12, 2023
Magento 2 Community Edition Weak Cryptography Moderate
CVE-2019-8118 was published for magento/community-edition (Composer) May 24, 2022
Cleartext storage of session identifier Moderate
CVE-2021-21339 was published for typo3/cms (Composer) Mar 23, 2021
ohader
Apache Airflow CNCF Kubernetes provider, Apache Airflow: Kubernetes configuration file saved without encryption in the Metadata and logged as plain text in the Triggerer service Moderate
CVE-2023-51702 was published for apache-airflow (pip) Jan 24, 2024
Jenkins NeuVector Vulnerability Scanner Plugin stored credentials in plain text Moderate
CVE-2019-10430 was published for io.jenkins.plugins:neuvector-vulnerability-scanner (Maven) May 24, 2022
Jenkins Ansible Plugin job configuration form does not mask variables Moderate
CVE-2023-32983 was published for org.jenkins-ci.plugins:ansible (Maven) May 16, 2023
The App Settings (/admin/app) page in GROWI versions prior to v6.0.6 stores sensitive information... Moderate Unreviewed
CVE-2023-50294 was published Dec 26, 2023
A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR... Moderate Unreviewed
CVE-2019-13947 was published May 24, 2022
A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28... Moderate Unreviewed
CVE-2023-40238 was published Dec 7, 2023
If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted.... Moderate Unreviewed
CVE-2020-12801 was published May 24, 2022
Jenkins Support Core Plugin stores sensitive data in plain text Moderate
CVE-2022-25187 was published for org.jenkins-ci.plugins:support-core (Maven) Feb 16, 2022
westonsteimel
Jenkins Fortify on Demand Plugin stores credentials in plain text Moderate
CVE-2019-10449 was published for org.jenkins-ci.plugins:fortify-on-demand-uploader (Maven) May 24, 2022
Tokens stored in plain text by PaaSLane Estimate Plugin Moderate
CVE-2023-50777 was published for com.cloudtp.jenkins:paaslane-estimate (Maven) Dec 13, 2023
Tokens stored in plain text by PaaSLane Estimate Plugin Moderate
CVE-2023-50776 was published for com.cloudtp.jenkins:paaslane-estimate (Maven) Dec 13, 2023
Displayed in plain text by Dingding JSON Pusher Plugin Moderate
CVE-2023-50773 was published for com.zintow:dingding-json-pusher (Maven) Dec 13, 2023
Tokens stored in plain text by Dingding JSON Pusher Plugin Moderate
CVE-2023-50772 was published for com.zintow:dingding-json-pusher (Maven) Dec 13, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database