GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
457 advisories
Filter by severity
Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100...
Moderate
Unreviewed
CVE-2024-34885
was published
Nov 4, 2024
Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100...
Moderate
Unreviewed
CVE-2024-34887
was published
Nov 4, 2024
Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100...
Moderate
Unreviewed
CVE-2024-34883
was published
Nov 4, 2024
Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100...
Moderate
Unreviewed
CVE-2024-34882
was published
Nov 4, 2024
IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication...
Moderate
Unreviewed
CVE-2023-50310
was published
Oct 23, 2024
The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H...
Moderate
Unreviewed
CVE-2024-9677
was published
Oct 22, 2024
A vulnerability in the web-based management interface of Cisco ATA 190 Series Multiplatform...
Moderate
Unreviewed
CVE-2024-20462
was published
Oct 16, 2024
In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API
Moderate
Unreviewed
CVE-2024-47161
was published
Oct 8, 2024
OpenC3 stores passwords in clear text (`GHSL-2024-129`)
Moderate
CVE-2024-47529
was published
for
@openc3/tool-common
(RubyGems)
Oct 2, 2024
Advantech ADAM-5550 share user credentials with a low level of encryption, consisting of base 64...
Moderate
Unreviewed
CVE-2024-37187
was published
Sep 27, 2024
Advantech ADAM-5630 shares user credentials plain text between the device and the user source...
Moderate
Unreviewed
CVE-2024-34542
was published
Sep 27, 2024
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and...
Moderate
Unreviewed
CVE-2024-40703
was published
Sep 22, 2024
In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page
Moderate
Unreviewed
CVE-2024-47162
was published
Sep 19, 2024
The Eaton Foreseer software provides the feasibility for the user to configure external servers...
Moderate
Unreviewed
CVE-2024-31415
was published
Sep 13, 2024
Credentials to access device configuration information stored unencrypted in flash memory. These...
Moderate
Unreviewed
CVE-2024-39278
was published
Sep 6, 2024
IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive...
Moderate
Unreviewed
CVE-2024-40704
was published
Aug 15, 2024
Authentication Bypass in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical...
Moderate
Unreviewed
CVE-2024-31800
was published
Aug 15, 2024
A vulnerability, which was classified as problematic, has been found in SourceCodester Prison...
Moderate
Unreviewed
CVE-2024-7813
was published
Aug 15, 2024
Apereo CAS vulnerable to credential leaks for LDAP authentication
Moderate
CVE-2023-28857
was published
for
org.apereo.cas:cas-server-support-x509-core
(Maven)
Aug 5, 2024
A “CWE-256: Plaintext Storage of a Password” affecting the administrative account allows an...
Moderate
Unreviewed
CVE-2024-3082
was published
Jul 31, 2024
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain...
Moderate
Unreviewed
CVE-2024-39733
was published
Jul 14, 2024
In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App...
Moderate
Unreviewed
CVE-2024-39878
was published
Jul 1, 2024
In JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile...
Moderate
Unreviewed
CVE-2024-39879
was published
Jul 1, 2024
In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site
Moderate
Unreviewed
CVE-2024-38505
was published
Jun 18, 2024
IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by...
Moderate
Unreviewed
CVE-2024-25052
was published
Jun 13, 2024
ProTip!
Advisories are also available from the
GraphQL API