GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
494 advisories
Filter by severity
GigaVUE-OS (GVOS) 5.4 - 5.9 stores a Redis database password in plaintext.
Moderate
Unreviewed
CVE-2020-23249
was published
May 24, 2022
Ceph-ansible 4.0.34.1 creates /etc/ceph/iscsi-gateway.conf with insecure default permissions,...
Moderate
Unreviewed
CVE-2020-25677
was published
May 24, 2022
An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored...
High
Unreviewed
CVE-2020-26551
was published
May 24, 2022
Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT-1837836 firmware 20180921...
Moderate
Unreviewed
CVE-2020-27557
was published
May 24, 2022
The implementation of Brave Desktop's privacy-preserving analytics system (P3A) between 1.1 and 1...
Moderate
Unreviewed
CVE-2020-8276
was published
May 24, 2022
An issue was discovered in the view_statistics (aka View frontend statistics) extension before 2...
Moderate
Unreviewed
CVE-2020-28917
was published
May 24, 2022
The installation procedure in BigBlueButton before 2.2.28 (or earlier) uses ClueCon as the...
High
Unreviewed
CVE-2020-27613
was published
May 24, 2022
An issue was discovered on Nescomed Multipara Monitor M1000 devices. The onboard Flash memory...
Low
Unreviewed
CVE-2020-15485
was published
May 24, 2022
A CWE-316: Cleartext Storage of Sensitive Information in Memory vulnerability exists in Easergy...
Low
Unreviewed
CVE-2020-7516
was published
May 24, 2022
Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems store...
Moderate
Unreviewed
CVE-2020-12032
was published
May 24, 2022
BIOTRONIK CardioMessenger II, The affected products do not encrypt sensitive information while at...
Low
Unreviewed
CVE-2019-18254
was published
May 24, 2022
An issue was discovered in the stashcat app through 3.9.2 for macOS, Windows, Android, iOS, and...
Moderate
Unreviewed
CVE-2020-13637
was published
May 24, 2022
A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN 6.2.2 and...
Moderate
Unreviewed
CVE-2019-17655
was published
May 24, 2022
A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS...
High
Unreviewed
CVE-2021-40363
was published
Feb 10, 2022
In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding,...
Moderate
Unreviewed
CVE-2020-11821
was published
May 24, 2022
In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarization Service credentials were...
Moderate
Unreviewed
CVE-2020-11694
was published
May 24, 2022
A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could...
Moderate
Unreviewed
CVE-2021-35036
was published
Mar 2, 2022
If a user saved passwords before Thunderbird 60 and then later set a master password, an...
Moderate
Unreviewed
CVE-2020-6794
was published
May 24, 2022
Moxa ioLogik 2542-HSPA Series Controllers and IOs, and IOxpress Configuration Utility ioLogik...
Moderate
Unreviewed
CVE-2019-18238
was published
May 24, 2022
Certain General Electric Renewable Energy products store cleartext credentials in flash memory....
Moderate
Unreviewed
CVE-2022-24120
was published
Dec 26, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions.
Critical
Unreviewed
CVE-2020-15332
was published
Sep 30, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cookie for ejabberd replication.
Moderate
Unreviewed
CVE-2020-15325
was published
Sep 30, 2022
IBM Security Verify Governance, Identity Manager 10.0.1 stores sensitive information including...
Moderate
Unreviewed
CVE-2022-22457
was published
Dec 23, 2022
In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Upon a crash, it...
Moderate
Unreviewed
CVE-2019-15947
was published
May 24, 2022
A vulnerability, which was classified as problematic, was found in SourceCodester Guest...
High
Unreviewed
CVE-2022-2813
was published
Aug 16, 2022
ProTip!
Advisories are also available from the
GraphQL API