Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+

311 advisories

Loading
Medtronic CareLink 2090 Programmer CareLink 9790 Programmer 29901 Encore Programmer, all versions... Moderate Unreviewed
CVE-2018-18984 was published May 13, 2022
The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not... Moderate Unreviewed
CVE-2015-5537 was published May 13, 2022
In a certain atypical IBM Spectrum Protect 7.1 and 8.1 configurations, the node password could be... Moderate Unreviewed
CVE-2018-1882 was published May 13, 2022
1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass.... Moderate Unreviewed
CVE-2022-29868 was published May 10, 2022
SanDisk Cruzer Enterprise USB flash drives use a fixed 256-bit key for obtaining access to the... Moderate Unreviewed
CVE-2010-0225 was published May 2, 2022
The Huawei D100 stores the administrator's account name and password in cleartext in a cookie,... Moderate Unreviewed
CVE-2009-2272 was published May 2, 2022
GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication,... Moderate Unreviewed
CVE-2008-0174 was published May 1, 2022
IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to... Moderate Unreviewed
CVE-2005-2160 was published May 1, 2022
phpRank 1.8 stores the administrative password in plaintext on the server and in the "ap" cookie,... Moderate Unreviewed
CVE-2002-1800 was published Apr 30, 2022
The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores... Moderate Unreviewed
CVE-2001-1537 was published Apr 30, 2022
Autogalaxy stores usernames and passwords in cleartext in cookies, which makes it easier for... Moderate Unreviewed
CVE-2001-1536 was published Apr 30, 2022
The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1,... Moderate Unreviewed
CVE-2004-2397 was published Apr 29, 2022
qtnx 0.9 stores non-custom SSH keys in a world-readable configuration file. If a user has a world... Moderate Unreviewed
CVE-2011-2916 was published Apr 22, 2022
IBM Security Guardium 10.5 stores user credentials in plain clear text which can be read by a... Moderate Unreviewed
CVE-2021-39078 was published Apr 20, 2022
AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to... Moderate Unreviewed
CVE-2022-0835 was published Apr 12, 2022
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F... Moderate Unreviewed
CVE-2022-25160 was published Apr 3, 2022
3CX System through 2022-03-17 stores cleartext passwords in a database. Moderate Unreviewed
CVE-2021-45491 was published Mar 29, 2022
SnapCenter versions prior to 4.5 are susceptible to a vulnerability which could allow a local... Moderate Unreviewed
CVE-2022-23234 was published Mar 17, 2022
Veritas System Recovery (VSR) 18 and 21 stores a network destination password in the Windows... Moderate Unreviewed
CVE-2022-26778 was published Mar 11, 2022
Dell EMC Enterprise Storage Analytics for vRealize Operations, versions 4.0.1 to 6.2.1, contain a... Moderate Unreviewed
CVE-2021-43590 was published Mar 5, 2022
A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could... Moderate Unreviewed
CVE-2021-35036 was published Mar 2, 2022
Due to usernames/passwords being stored in plaintext in Random Access Memory (RAM), a local,... Moderate Unreviewed
CVE-2020-14480 was published Feb 25, 2022
NVIDIA License System contains a vulnerability in the installation scripts for the DLS virtual... Moderate Unreviewed
CVE-2022-21818 was published Feb 16, 2022
Jenkins Support Core Plugin stores sensitive data in plain text Moderate
CVE-2022-25187 was published for org.jenkins-ci.plugins:support-core (Maven) Feb 16, 2022
westonsteimel
Plaintext Storage of a Password vulnerability in Mitsubishi Electric MC Works64 versions 4.04E ... Moderate Unreviewed
CVE-2022-23129 was published Jan 22, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database