GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
506 advisories
Filter by severity
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build...
Moderate
Unreviewed
CVE-2019-16674
was published
May 24, 2022
A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580,...
High
Unreviewed
CVE-2019-6845
was published
May 24, 2022
An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana (e.g., MySQL...
Moderate
Unreviewed
CVE-2019-15635
was published
May 24, 2022
In Enigmail below 2.1, an attacker in possession of PGP encrypted emails can wrap them as sub...
Moderate
Unreviewed
CVE-2019-14664
was published
May 24, 2022
Passwords transmitted in plain text by Jenkins Stash Branch Parameter Plugin
Low
CVE-2020-2210
was published
for
org.jenkins-ci.plugins:StashBranchParameter
(Maven)
May 24, 2022
A vulnerability has been identified in SIMATIC Ident MV420 family (All versions), SIMATIC Ident...
Moderate
Unreviewed
CVE-2019-10926
was published
May 24, 2022
Jenkins Gitea Plugin vulnerable to Cleartext Transmission of Sensitive Information
Moderate
CVE-2022-46685
was published
for
org.jenkins-ci.plugins:gitea
(Maven)
Dec 12, 2022
Cleartext transmission of sensitive information. The following products are affected: Acronis...
High
Unreviewed
CVE-2022-30993
was published
May 19, 2022
Cleartext transmission of sensitive information. The following products are affected: Acronis...
High
Unreviewed
CVE-2022-30994
was published
May 19, 2022
A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All...
High
Unreviewed
CVE-2022-29874
was published
May 21, 2022
Communication between the client and the server application of the affected products is partially...
Critical
Unreviewed
CVE-2022-3929
was published
Jan 6, 2023
UPSMON PRO transmits sensitive data in cleartext over HTTP protocol. An unauthenticated remote...
High
Unreviewed
CVE-2022-38122
was published
Nov 10, 2022
Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to plain-text...
Moderate
Unreviewed
CVE-2021-38828
was published
Nov 14, 2022
HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session...
Low
Unreviewed
CVE-2021-42948
was published
Sep 17, 2022
EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain...
Moderate
Unreviewed
CVE-2022-38846
was published
Sep 17, 2022
A vulnerability has been identified in Siveillance Video Client (All versions). In environments...
Moderate
Unreviewed
CVE-2020-15785
was published
May 24, 2022
An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of...
Moderate
Unreviewed
CVE-2020-13528
was published
May 24, 2022
Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They...
High
Unreviewed
CVE-2022-31204
was published
Jul 27, 2022
** DISPUTED ** A vulnerability was found in whohas. It has been rated as problematic. This issue...
High
Unreviewed
CVE-2021-4258
was published
Dec 19, 2022
Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may...
High
Unreviewed
CVE-2022-2485
was published
Sep 1, 2022
AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials...
High
Unreviewed
CVE-2022-2005
was published
Sep 1, 2022
MagicMotion Flamingo 2 lacks BLE encryption, enabling data sniffing and packet forgery.
Moderate
Unreviewed
CVE-2020-12730
was published
May 24, 2022
AutomationDirect DirectLOGIC is vulnerable to a specifically crafted serial message to the CPU...
Critical
Unreviewed
CVE-2022-2003
was published
Sep 1, 2022
Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller...
High
Unreviewed
CVE-2022-29519
was published
Jun 29, 2022
Code injection in concrete CMS
High
CVE-2022-21829
was published
for
concrete5/core
(Composer)
Jun 25, 2022
ProTip!
Advisories are also available from the
GraphQL API