GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,099
Composer 4,077
Erlang 29
GitHub Actions 19
Go 1,903
Maven 5,100
npm 3,632
NuGet 638
pip 3,249
Pub 10
RubyGems 864
Rust 818
Swift 35

Unreviewed advisories

All unreviewed 228,470

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

494 advisories

Filter by severity

Sort by

Least recently updated

GigaVUE-OS (GVOS) 5.4 - 5.9 stores a Redis database password in plaintext. Moderate Unreviewed

CVE-2020-23249 was published May 24, 2022

Ceph-ansible 4.0.34.1 creates /etc/ceph/iscsi-gateway.conf with insecure default permissions,... Moderate Unreviewed

CVE-2020-25677 was published May 24, 2022

An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored... High Unreviewed

CVE-2020-26551 was published May 24, 2022

Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT-1837836 firmware 20180921... Moderate Unreviewed

CVE-2020-27557 was published May 24, 2022

The implementation of Brave Desktop's privacy-preserving analytics system (P3A) between 1.1 and 1... Moderate Unreviewed

CVE-2020-8276 was published May 24, 2022

An issue was discovered in the view_statistics (aka View frontend statistics) extension before 2... Moderate Unreviewed

CVE-2020-28917 was published May 24, 2022

The installation procedure in BigBlueButton before 2.2.28 (or earlier) uses ClueCon as the... High Unreviewed

CVE-2020-27613 was published May 24, 2022

An issue was discovered on Nescomed Multipara Monitor M1000 devices. The onboard Flash memory... Low Unreviewed

CVE-2020-15485 was published May 24, 2022

A CWE-316: Cleartext Storage of Sensitive Information in Memory vulnerability exists in Easergy... Low Unreviewed

CVE-2020-7516 was published May 24, 2022

Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems store... Moderate Unreviewed

CVE-2020-12032 was published May 24, 2022

BIOTRONIK CardioMessenger II, The affected products do not encrypt sensitive information while at... Low Unreviewed

CVE-2019-18254 was published May 24, 2022

An issue was discovered in the stashcat app through 3.9.2 for macOS, Windows, Android, iOS, and... Moderate Unreviewed

CVE-2020-13637 was published May 24, 2022

A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN 6.2.2 and... Moderate Unreviewed

CVE-2019-17655 was published May 24, 2022

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS... High Unreviewed

CVE-2021-40363 was published Feb 10, 2022

In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding,... Moderate Unreviewed

CVE-2020-11821 was published May 24, 2022

In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarization Service credentials were... Moderate Unreviewed

CVE-2020-11694 was published May 24, 2022

A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could... Moderate Unreviewed

CVE-2021-35036 was published Mar 2, 2022

If a user saved passwords before Thunderbird 60 and then later set a master password, an... Moderate Unreviewed

CVE-2020-6794 was published May 24, 2022

Moxa ioLogik 2542-HSPA Series Controllers and IOs, and IOxpress Configuration Utility ioLogik... Moderate Unreviewed

CVE-2019-18238 was published May 24, 2022

Certain General Electric Renewable Energy products store cleartext credentials in flash memory.... Moderate Unreviewed

CVE-2022-24120 was published Dec 26, 2022

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions. Critical Unreviewed

CVE-2020-15332 was published Sep 30, 2022

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cookie for ejabberd replication. Moderate Unreviewed

CVE-2020-15325 was published Sep 30, 2022

IBM Security Verify Governance, Identity Manager 10.0.1 stores sensitive information including... Moderate Unreviewed

CVE-2022-22457 was published Dec 23, 2022

In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Upon a crash, it... Moderate Unreviewed

CVE-2019-15947 was published May 24, 2022

A vulnerability, which was classified as problematic, was found in SourceCodester Guest... High Unreviewed

CVE-2022-2813 was published Aug 16, 2022

Previous 1 2 … 16 17 18 19 20 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

494 advisories