GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
787 advisories
Filter by severity
OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized...
High
Unreviewed
CVE-2024-8777
was published
Sep 16, 2024
Audit records for OpenAPI requests may include sensitive information.
This could lead to...
High
Unreviewed
CVE-2023-6916
was published
Apr 10, 2024
In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page
Moderate
Unreviewed
CVE-2024-47162
was published
Sep 19, 2024
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain...
Moderate
Unreviewed
CVE-2024-39733
was published
Jul 14, 2024
The Eaton Foreseer software provides the feasibility for the user to configure external servers...
Moderate
Unreviewed
CVE-2024-31415
was published
Sep 13, 2024
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8,...
High
Unreviewed
CVE-2024-28981
was published
Sep 12, 2024
A series of related high-severity vulnerabilities, the most notable enabling remote code...
High
Unreviewed
CVE-2024-40710
was published
Sep 7, 2024
Credentials to access device configuration information stored unencrypted in flash memory. These...
Moderate
Unreviewed
CVE-2024-39278
was published
Sep 6, 2024
A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub...
Critical
Unreviewed
CVE-2024-6118
was published
Aug 5, 2024
IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive...
Moderate
Unreviewed
CVE-2024-40704
was published
Aug 15, 2024
A vulnerability, which was classified as problematic, has been found in SourceCodester Prison...
Moderate
Unreviewed
CVE-2024-7813
was published
Aug 15, 2024
Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated...
High
Unreviewed
CVE-2024-39818
was published
Aug 14, 2024
A “CWE-256: Plaintext Storage of a Password” affecting the administrative account allows an...
Moderate
Unreviewed
CVE-2024-3082
was published
Jul 31, 2024
IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by...
Moderate
Unreviewed
CVE-2024-25052
was published
Jun 13, 2024
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions ...
Moderate
Unreviewed
CVE-2024-35208
was published
Jun 11, 2024
The Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all...
High
Unreviewed
CVE-2024-7389
was published
Aug 2, 2024
Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access...
High
Unreviewed
CVE-1999-0013
was published
Apr 30, 2022
Insecure storage of the ICT MIFARE and DESFire encryption keys in the firmware
binary allows...
High
Unreviewed
CVE-2024-29941
was published
May 7, 2024
An Insecure Credential Management issue discovered in Connectize AC21000 G6 641.139.1.1256 allows...
Moderate
Unreviewed
CVE-2023-24047
was published
Dec 5, 2023
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It performs...
High
Unreviewed
CVE-2019-20470
was published
May 24, 2022
Siklu TG Terragraph devices before 2.1.1 allow attackers to discover valid, randomly generated...
High
Unreviewed
CVE-2022-47037
was published
Mar 18, 2024
An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25. Authentication to the...
High
Unreviewed
CVE-2020-11925
was published
May 24, 2022
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an...
High
Unreviewed
CVE-2020-29583
was published
May 24, 2022
System->Maintenance-> Log Files in dotCMS dashboard is providing the username/password for...
Moderate
Unreviewed
CVE-2024-3165
was published
Apr 2, 2024
Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity...
Critical
Unreviewed
CVE-2017-9248
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API