Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,009 advisories

Loading
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient... High Unreviewed
CVE-2023-25532 was published Sep 20, 2023
Insecure Permissions vulnerability in Sichuan Tianyi Kanghe Communication Co., Ltd China Telecom... Moderate Unreviewed
CVE-2023-41010 was published Sep 14, 2023
IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores... Moderate Unreviewed
CVE-2023-32338 was published Sep 5, 2023
A pass-back vulnerability exists where an authenticated, remote attacker with administrator... Moderate Unreviewed
CVE-2023-3251 was published Aug 29, 2023
An issue was discovered in Fresenius Kabi PharmaHelp 5.1.759.0 allows attackers to gain escalated... Critical Unreviewed
CVE-2022-45611 was published Aug 22, 2023
Incorrect access control in Zoho ManageEngine ADManager Plus Build 7180 allows unauthenticated... Moderate Unreviewed
CVE-2023-31492 was published Aug 18, 2023
Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin vulnerable to exposure of system-scoped credentials Moderate
CVE-2023-40347 was published for org.jenkins-ci.plugins:maven-artifact-choicelistprovider (Maven) Aug 16, 2023
Jenkins Delphix Plugin vulnerable to exposure of system-scoped credentials Moderate
CVE-2023-40345 was published for org.jenkins-ci.plugins:delphix (Maven) Aug 16, 2023
In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the... Critical Unreviewed
CVE-2023-20965 was published Aug 14, 2023
An isssue in GatesAIr Flexiva FM Transmitter/Exiter Fax 150W allows a remote attacker to gain... Critical Unreviewed
CVE-2023-36082 was published Aug 3, 2023
Plaintext Storage of a Password vulnerability in Infodrom Software E-Invoice Approval System... High Unreviewed
CVE-2023-35067 was published Jul 25, 2023
Weave GitOps Terraform Controller Information Disclosure Vulnerability High
CVE-2023-34236 was published for github.com/weaveworks/tf-controller (Go) Jul 14, 2023
greenu
Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file.... Critical Unreviewed
CVE-2023-34128 was published Jul 13, 2023
Jenkins mabl Plugin vulnerable to exposure of system-scooped credentials Moderate
CVE-2023-37951 was published for com.mabl.integration.jenkins:mabl-integration (Maven) Jul 12, 2023
An issue was discovered in Keeper Password Manager for Desktop version 16.10.2, and the... Moderate Unreviewed
CVE-2023-36266 was published Jul 12, 2023
HPE OneView for VMware vCenter, in certain circumstances, may disclose the “HPE OneView” Username... Moderate Unreviewed
CVE-2022-37935 was published Jul 6, 2023
The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security... Critical Unreviewed
CVE-2022-4693 was published Jul 6, 2023
Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve... Moderate Unreviewed
CVE-2022-28291 was published Jul 6, 2023
An issue was discovered in cmseasy v7.0.0 that allows user credentials to be sent in clear text... High Unreviewed
CVE-2020-18406 was published Jun 27, 2023
An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ... Moderate Unreviewed
CVE-2023-35789 was published Jun 16, 2023
The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password... High Unreviewed
CVE-2022-47376 was published Jun 13, 2023
GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its communications which... Moderate Unreviewed
CVE-2023-33620 was published Jun 13, 2023
A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all... Critical Unreviewed
CVE-2023-26204 was published Jun 13, 2023
The local Vuforia web application does not support HTTPS, and federated credentials are passed... High Unreviewed
CVE-2023-29168 was published Jun 8, 2023
The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build... Moderate Unreviewed
CVE-2023-27126 was published Jun 6, 2023
ProTip! Advisories are also available from the GraphQL API