Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

37 advisories

Loading
An information disclosure vulnerability exists in Brocade SANnav before v2.3.1 and v2.3.0a when... High Unreviewed
CVE-2024-29968 was published Apr 19, 2024
The encrypted subject of an email message could be incorrectly and permanently assigned to an... High Unreviewed
CVE-2024-1936 was published Mar 5, 2024
This issue was addressed through improved state management. This issue is fixed in macOS Sonoma... High Unreviewed
CVE-2023-42913 was published Mar 28, 2024
Keycloak exposes sensitive information in Pushed Authorization Requests (PAR) High
CVE-2024-4540 was published for org.keycloak:keycloak-services (Maven) Jun 10, 2024
mschallar
An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a... High Unreviewed
CVE-2024-22808 was published Apr 22, 2024
Intelbras Roteador ACtion RF 1200 1.2.2 esposes the Password in Cookie resulting in Login Bypass. High Unreviewed
CVE-2024-22773 was published Feb 6, 2024
Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may... High Unreviewed
CVE-2022-43475 was published May 10, 2023
A Insecure Storage of Sensitive Information vulnerability in openSUSE opensuse-welcome allows... High Unreviewed
CVE-2023-32184 was published Sep 19, 2023
Insecure storage of sensitive information in Wing FTP Server (User Web Client) allows information... High Unreviewed
CVE-2023-37879 was published Sep 15, 2023
A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile... High Unreviewed
CVE-2023-40728 was published Sep 14, 2023
Information disclosure in password protected surveys in Data Illusion Survey Software Solutions... High Unreviewed
CVE-2022-46484 was published Aug 2, 2023
Insecure Storage of Sensitive Information vulnerability in Jose Mortellaro Freesoul Deactivate... High Unreviewed
CVE-2023-22687 was published Jul 6, 2023
Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may... High Unreviewed
CVE-2022-44619 was published May 10, 2023
The iOS mobile application BlueCats Reveal before 5.14 stores the username and password in the... High Unreviewed
CVE-2019-5627 was published May 24, 2022
The Android mobile application BlueCats Reveal before 3.0.19 stores the username and password in... High Unreviewed
CVE-2019-5626 was published May 24, 2022
Sectona Spectra before 3.4.0 has a vulnerable SOAP API endpoint that leaks sensitive information... High Unreviewed
CVE-2020-25966 was published May 24, 2022
** UNSUPPPORTED WHEN ASSIGNED ** Sending some requests in the web application of the... High Unreviewed
CVE-2023-41965 was published Sep 18, 2023
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to... High Unreviewed
CVE-2023-45182 was published Dec 14, 2023
Certain NetModule devices have Insecure Password Handling (cleartext or reversible encryption),... High Unreviewed
CVE-2021-39289 was published May 24, 2022
RosarioSIS Stores Sensitive Data in a Mechanism without Access Control High
CVE-2023-2665 was published for francoisjacquet/rosariosis (Composer) May 19, 2023
The SyncThru Web Service on Samsung SCX-6x55X printers allows an attacker to gain access to a... High Unreviewed
CVE-2021-42913 was published Dec 21, 2021
Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view... High Unreviewed
CVE-2021-36546 was published Feb 3, 2023
Insecure Storage of Sensitive Information in Microweber High
CVE-2022-0724 was published for microweber/microweber (Composer) Feb 24, 2022
In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be... High Unreviewed
CVE-2022-25264 was published Feb 26, 2022
Torguard VPN 4.8, has a vulnerability that allows an attacker to dump sensitive information, such... High Unreviewed
CVE-2022-37835 was published Sep 13, 2022
ProTip! Advisories are also available from the GraphQL API