Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

507 advisories

Loading
Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 passwords are... High Unreviewed
CVE-2021-32982 was published Apr 5, 2022
Philips Vue PACS versions 12.2.x.x and prior transmits sensitive or security-critical data in... High Unreviewed
CVE-2021-33022 was published Apr 3, 2022
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in ISS BlackICE PC Protection. It has... Moderate Unreviewed
CVE-2003-5002 was published Mar 29, 2022
Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as... High Unreviewed
CVE-2022-0988 was published Mar 26, 2022
GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP... High Unreviewed
CVE-2021-27422 was published Mar 24, 2022
ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x... High Unreviewed
CVE-2020-25178 was published Mar 19, 2022
An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It sends the following... Moderate Unreviewed
CVE-2021-41849 was published Mar 13, 2022
An issue was discovered in Rhinode Trading Paints through 2.0.36. TP Updater.exe uses cleartext... High Unreviewed
CVE-2021-40846 was published Mar 5, 2022
The affected product is vulnerable due to cleartext transmission of credentials seen in the... Critical Unreviewed
CVE-2022-21798 was published Feb 26, 2022
Jenkins Pipeline: Groovy Plugin has Insufficiently Protected Credentials Moderate
CVE-2022-25180 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) Feb 16, 2022
"catalog's registry v2 api exposed on unauthenticated path in Harbor" Moderate
CVE-2020-29662 was published for github.com/goharbor/harbor (Go) Feb 12, 2022
The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 Rel.62500n wireless router... Critical Unreviewed
CVE-2022-0162 was published Feb 11, 2022
Cleartext Transmission of Sensitive Information in /northstar/Admin/login.jsp in Northstar... High Unreviewed
CVE-2021-29397 was published Feb 9, 2022
Fresenius Kabi Agilia Link + version 3.0 does not enforce transport layer encryption. Therefore,... High Unreviewed
CVE-2021-41835 was published Jan 22, 2022
User passwords transmitted in plain text by Jenkins Active Directory Plugin Moderate
CVE-2022-23105 was published for org.jenkins-ci.plugins:active-directory (Maven) Jan 13, 2022
NotMyFault
Trendnet AC2600 TEW-827DRU version 2.08B01 contains an security flaw in the web interface. HTTPS... High Unreviewed
CVE-2021-20154 was published Dec 31, 2021
Netgear RAX43 version 1.0.3.96 does not utilize secure communications to the web interface. By... High Unreviewed
CVE-2021-20169 was published Dec 31, 2021
Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the... High Unreviewed
CVE-2021-20175 was published Dec 31, 2021
Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the... High Unreviewed
CVE-2021-20174 was published Dec 31, 2021
The affected products contain vulnerable firmware, which could allow an attacker to sniff the... High Unreviewed
CVE-2021-4161 was published Dec 28, 2021
The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes... High Unreviewed
CVE-2021-45100 was published Dec 17, 2021
An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock application for Android.... Moderate Unreviewed
CVE-2021-44518 was published Dec 3, 2021
Source code is downloaded over cleartext HTTP in portaudio Moderate
CVE-2016-10933 was published for portaudio (Rust) Aug 25, 2021
Missing encryption in Apache Directory Studio High
CVE-2021-33900 was published for org.apache.directory.studio:org.apache.directory.studio.parent (Maven) Aug 9, 2021
Pgsync Contains Cleartext Transmission of Sensitive Information High
CVE-2021-31671 was published for pgsync (RubyGems) Apr 27, 2021
ProTip! Advisories are also available from the GraphQL API