Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

494 advisories

Loading
During installation or upgrade to Software House C•CURE 9000 v2.70 and American Dynamics victor... Moderate Unreviewed
CVE-2020-9045 was published May 24, 2022
A vulnerability has been identified in SIMATIC CP 1543-1 (incl. SIPLUS variants) (All versions <... Moderate Unreviewed
CVE-2021-33716 was published May 24, 2022
Shopware contains sensitive data in backend customer module Moderate
CVE-2022-36101 was published for shopware/shopware (Composer) Sep 16, 2022
E-Series SANtricity OS Controller Software versions 11.40 through 11.70.2 store the LDAP BIND... Moderate Unreviewed
CVE-2022-23236 was published Jun 3, 2022
nsufficiently Protected Credentials in ActiveMQ Artemis Moderate
CVE-2020-10727 was published for org.apache.activemq:artemis-commons (Maven) May 24, 2022
Cleartext Storage in a File or on Disk in TimelyBills <= 1.7.0 for iOS and versions <= 1.21.115... Moderate Unreviewed
CVE-2021-26833 was published May 24, 2022
A cleartext storage of sensitive information vulnerability in FortiOS command line interface in... Moderate Unreviewed
CVE-2020-6648 was published May 24, 2022
The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a ... High Unreviewed
CVE-2021-28374 was published May 24, 2022
IBM Security Verify Information Queue 1.0.6 and 1.0.7 sends user credentials in plain clear text... Moderate Unreviewed
CVE-2021-20410 was published May 24, 2022
VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account's password locally on the device and... High Unreviewed
CVE-2021-36460 was published Apr 26, 2022
The /device/signin end-point for the Ourphoto App version 1.4.1 discloses clear-text password... High Unreviewed
CVE-2022-24188 was published Nov 29, 2022
IBM Security Guardium 10.5 stores user credentials in plain clear text which can be read by a... Moderate Unreviewed
CVE-2021-39078 was published Apr 20, 2022
AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to... Moderate Unreviewed
CVE-2022-0835 was published Apr 12, 2022
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F... Critical Unreviewed
CVE-2022-25158 was published Apr 3, 2022
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F... Moderate Unreviewed
CVE-2022-25160 was published Apr 3, 2022
3CX System through 2022-03-17 stores cleartext passwords in a database. Moderate Unreviewed
CVE-2021-45491 was published Mar 29, 2022
An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix... Critical Unreviewed
CVE-2022-26148 was published Mar 22, 2022
SnapCenter versions prior to 4.5 are susceptible to a vulnerability which could allow a local... Moderate Unreviewed
CVE-2022-23234 was published Mar 17, 2022
NVIDIA BMC stores user passwords in an obfuscated form in a database accessible by the host. This... Moderate Unreviewed
CVE-2022-42284 was published Jan 13, 2023
ProTip! Advisories are also available from the GraphQL API