Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,009 advisories

Loading
OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized... High Unreviewed
CVE-2024-8777 was published Sep 16, 2024
Audit records for OpenAPI requests may include sensitive information. This could lead to... High Unreviewed
CVE-2023-6916 was published Apr 10, 2024
In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page Moderate Unreviewed
CVE-2024-47162 was published Sep 19, 2024
Grafana plugin SDK Information Leakage Critical
CVE-2024-8986 was published for github.com/grafana/grafana-plugin-sdk-go (Go) Sep 19, 2024
Django allows unprivileged users to read the password hashes of arbitrary accounts Moderate
CVE-2018-16984 was published for django (pip) Oct 3, 2018
sunSUNQ
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain... Moderate Unreviewed
CVE-2024-39733 was published Jul 14, 2024
django-nopassword stores secrets in cleartext High
CVE-2019-10682 was published for django-nopassword (pip) Jun 5, 2020
The Eaton Foreseer software provides the feasibility for the user to configure external servers... Moderate Unreviewed
CVE-2024-31415 was published Sep 13, 2024
Cloudtoken Insufficiently Protects Credentials Low
CVE-2018-13390 was published for cloudtoken (pip) May 13, 2022
Openstack cinder Improper handling of ScaleIO backend credentials Moderate
CVE-2020-10755 was published for cinder (pip) May 24, 2022
Insufficiently Protected Credentials in Apache Superset Moderate
CVE-2021-44451 was published for apache-superset (pip) Feb 2, 2022
Apache Superset allowed for database connections password leak for authenticated users Moderate
CVE-2021-41972 was published for apache-superset (pip) May 24, 2022
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8,... High Unreviewed
CVE-2024-28981 was published Sep 12, 2024
Ansible sets unsafe permissions for sources.list Moderate
CVE-2014-4659 was published for ansible (pip) May 17, 2022
Ansible Exposes Sensitive Information High
CVE-2021-20228 was published for ansible (pip) May 25, 2022
A series of related high-severity vulnerabilities, the most notable enabling remote code... High Unreviewed
CVE-2024-40710 was published Sep 7, 2024
Credentials to access device configuration information stored unencrypted in flash memory. These... Moderate Unreviewed
CVE-2024-39278 was published Sep 6, 2024
Ansible password prompts could expose passwords Moderate
CVE-2019-10206 was published for ansible (pip) May 24, 2022
tdunlap607
A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub... Critical Unreviewed
CVE-2024-6118 was published Aug 5, 2024
IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive... Moderate Unreviewed
CVE-2024-40704 was published Aug 15, 2024
A vulnerability, which was classified as problematic, has been found in SourceCodester Prison... Moderate Unreviewed
CVE-2024-7813 was published Aug 15, 2024
Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated... High Unreviewed
CVE-2024-39818 was published Aug 14, 2024
A “CWE-256: Plaintext Storage of a Password” affecting the administrative account allows an... Moderate Unreviewed
CVE-2024-3082 was published Jul 31, 2024
Jenkins Weibo Plugin stores credentials unencrypted in its global configuration file Low
CVE-2019-16572 was published for org.jenkins-ci.plugins:weibo (Maven) May 24, 2022
IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by... Moderate Unreviewed
CVE-2024-25052 was published Jun 13, 2024
ProTip! Advisories are also available from the GraphQL API