GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,247
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
1,009 advisories
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient...
High | Unreviewed | CVE-2023-25532 was published Sep 20, 2023
Insecure Permissions vulnerability in Sichuan Tianyi Kanghe Communication Co., Ltd China Telecom...
Moderate | Unreviewed | CVE-2023-41010 was published Sep 14, 2023
IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores...
Moderate | Unreviewed | CVE-2023-32338 was published Sep 5, 2023
A pass-back vulnerability exists where an authenticated, remote attacker with administrator...
Moderate | Unreviewed | CVE-2023-3251 was published Aug 29, 2023
An issue was discovered in Fresenius Kabi PharmaHelp 5.1.759.0 allows attackers to gain escalated...
Critical | Unreviewed | CVE-2022-45611 was published Aug 22, 2023
Incorrect access control in Zoho ManageEngine ADManager Plus Build 7180 allows unauthenticated...
Moderate | Unreviewed | CVE-2023-31492 was published Aug 18, 2023
Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin vulnerable to exposure of system-scoped credentials
Moderate | CVE-2023-40347 was published for org.jenkins-ci.plugins:maven-artifact-choicelistprovider (Maven) | Aug 16, 2023
Jenkins Delphix Plugin vulnerable to exposure of system-scoped credentials
Moderate | CVE-2023-40345 was published for org.jenkins-ci.plugins:delphix (Maven) | Aug 16, 2023
In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the...
Critical | Unreviewed | CVE-2023-20965 was published Aug 14, 2023
An issue in GatesAIr Flexiva FM Transmitter/Exiter Fax 150W allows a remote attacker to gain...
Critical | Unreviewed | CVE-2023-36082 was published Aug 3, 2023
Plaintext Storage of a Password vulnerability in Infodrom Software E-Invoice Approval System...
High | Unreviewed | CVE-2023-35067 was published Jul 25, 2023
Weave GitOps Terraform Controller Information Disclosure Vulnerability
High | CVE-2023-34236 was published for github.com/weaveworks/tf-controller (Go) | Jul 14, 2023
Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file....
Critical | Unreviewed | CVE-2023-34128 was published Jul 13, 2023
Jenkins mabl Plugin vulnerable to exposure of system-scoped credentials
Moderate | CVE-2023-37951 was published for com.mabl.integration.jenkins:mabl-integration (Maven) | Jul 12, 2023
An issue was discovered in Keeper Password Manager for Desktop version 16.10.2, and the...
Moderate | Unreviewed | CVE-2023-36266 was published Jul 12, 2023
HPE OneView for VMware vCenter, in certain circumstances, may disclose the “HPE OneView” Username...
Moderate | Unreviewed | CVE-2022-37935 was published Jul 6, 2023
The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security...
Critical | Unreviewed | CVE-2022-4693 was published Jul 6, 2023
Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve...
Moderate | Unreviewed | CVE-2022-28291 was published Jul 6, 2023
An issue was discovered in cmseasy v7.0.0 that allows user credentials to be sent in clear text...
High | Unreviewed | CVE-2020-18406 was published Jun 27, 2023
An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ...
Moderate | Unreviewed | CVE-2023-35789 was published Jun 16, 2023
The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password...
High | Unreviewed | CVE-2022-47376 was published Jun 13, 2023
GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its communications which...
Moderate | Unreviewed | CVE-2023-33620 was published Jun 13, 2023
A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all...
Critical | Unreviewed | CVE-2023-26204 was published Jun 13, 2023
The local Vuforia web application does not support HTTPS, and federated credentials are passed...
High | Unreviewed | CVE-2023-29168 was published Jun 8, 2023
The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build...
Moderate | Unreviewed | CVE-2023-27126 was published Jun 6, 2023
ProTip! Advisories are also available from the GraphQL API