Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

256 advisories

Loading
A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580,... Moderate Unreviewed
CVE-2019-6846 was published May 24, 2022
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build... Moderate Unreviewed
CVE-2019-16674 was published May 24, 2022
An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana (e.g., MySQL... Moderate Unreviewed
CVE-2019-15635 was published May 24, 2022
In Enigmail below 2.1, an attacker in possession of PGP encrypted emails can wrap them as sub... Moderate Unreviewed
CVE-2019-14664 was published May 24, 2022
A vulnerability has been identified in SIMATIC Ident MV420 family (All versions), SIMATIC Ident... Moderate Unreviewed
CVE-2019-10926 was published May 24, 2022
Jenkins Gitea Plugin vulnerable to Cleartext Transmission of Sensitive Information Moderate
CVE-2022-46685 was published for org.jenkins-ci.plugins:gitea (Maven) Dec 12, 2022
Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to plain-text... Moderate Unreviewed
CVE-2021-38828 was published Nov 14, 2022
EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain... Moderate Unreviewed
CVE-2022-38846 was published Sep 17, 2022
A vulnerability has been identified in Siveillance Video Client (All versions). In environments... Moderate Unreviewed
CVE-2020-15785 was published May 24, 2022
An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of... Moderate Unreviewed
CVE-2020-13528 was published May 24, 2022
MagicMotion Flamingo 2 lacks BLE encryption, enabling data sniffing and packet forgery. Moderate Unreviewed
CVE-2020-12730 was published May 24, 2022
A vulnerability classified as problematic was found in Teleopti WFM up to 7.1.0. Affected by this... Moderate Unreviewed
CVE-2017-20109 was published Jun 30, 2022
Information Disclosure via Export Module Moderate
CVE-2022-31046 was published for typo3/cms (Composer) Jun 17, 2022
linawolf derhansen
LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack... Moderate Unreviewed
CVE-2022-1524 was published Jun 25, 2022
Pyload contains Sensitive Cookie in HTTPS Session Without 'Secure' Attribute Moderate
CVE-2023-0055 was published for pyload-ng (pip) Jan 5, 2023
The Credova_Financial WordPress plugin discloses a site's associated Credova API account username... Moderate Unreviewed
CVE-2021-39342 was published May 24, 2022
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. The transmission... Moderate Unreviewed
CVE-2022-25805 was published Jun 10, 2022
An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 for iOS. If it is installed... Moderate Unreviewed
CVE-2021-42111 was published May 24, 2022
Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to transmit and... Moderate Unreviewed
CVE-2022-29733 was published Jun 3, 2022
This advisory documents the impact of an internally found vulnerability in Arista EOS state... Moderate Unreviewed
CVE-2021-28508 was published May 27, 2022
IBM QRadar SIEM 7.3 and 7.4 uses less secure methods for protecting data in transit between hosts... Moderate Unreviewed
CVE-2020-4980 was published May 24, 2022
This advisory documents the impact of an internally found vulnerability in Arista EOS state... Moderate Unreviewed
CVE-2021-28509 was published May 27, 2022
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A man in the middle can... Moderate Unreviewed
CVE-2021-34687 was published May 24, 2022
Insertion of Sensitive Information into Log File in Jenkins Mask Passwords Plugin Moderate
CVE-2019-10370 was published for org.jenkins-ci.plugins:mask-passwords (Maven) May 24, 2022
An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6.6.1. When using the View... Moderate Unreviewed
CVE-2021-27925 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API