GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
256 advisories
Filter by severity
mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+openSUSE-2.3 exposes the...
Moderate
Unreviewed
CVE-2010-4177
was published
Apr 21, 2022
IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3...
Moderate
Unreviewed
CVE-2023-47745
was published
Mar 3, 2024
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3...
Moderate
Unreviewed
CVE-2023-42016
was published
Feb 9, 2024
The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth Glucose Monitoring System,...
Moderate
Unreviewed
CVE-2023-46447
was published
Jan 20, 2024
An attacker with access to the network where the affected devices are located could...
Moderate
Unreviewed
CVE-2023-40544
was published
Feb 7, 2024
Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which...
Moderate
Unreviewed
CVE-2008-4122
was published
May 2, 2022
EMC Dantz Retrospect Backup Client 7.5.116 sends the password hash in cleartext at an unspecified...
Moderate
Unreviewed
CVE-2008-3289
was published
May 1, 2022
Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions sends the NIS password map ...
Moderate
Unreviewed
CVE-2005-3140
was published
May 1, 2022
IBM PowerSC 1.3, 2.0, and 2.1 MFA does not implement the "HTTP Strict Transport Security" (HSTS)...
Moderate
Unreviewed
CVE-2023-50962
was published
Feb 2, 2024
Meross MSH30Q 4.5.23 is vulnerable to Cleartext Transmission of Sensitive Information. During the...
Moderate
Unreviewed
CVE-2023-46889
was published
Jan 23, 2024
Cleartext Transmission during initial setup in Shelly TRV 20220811-15234 v.2.1.8 allows a local...
Moderate
Unreviewed
CVE-2023-42144
was published
Jan 23, 2024
Jenkins IBM AppScan Plugin showed plain text password in job configuration form fields
Moderate
CVE-2019-10391
was published
for
com.hcl.security:ibm-application-security
(Maven)
May 24, 2022
Jenkins Aqua MicroScanner Plugin showed plain text credential in configuration form
Moderate
CVE-2019-10427
was published
for
org.jenkins-ci.plugins:aqua-microscanner
(Maven)
May 24, 2022
Jenkins SCTMExecutor Plugin stores credentials in plain text
Moderate
CVE-2019-16568
was published
for
hudson.plugins.sctmexecutor:SCTMExecutor
(Maven)
May 24, 2022
Cisco Adaptive Security Appliance (ASA) running PIX 7.0 before 7.0.7.1, 7.1 before 7.1.2.61, 7.2...
Moderate
Unreviewed
CVE-2007-4786
was published
May 1, 2022
DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 transmits the Blowfish encryption...
Moderate
Unreviewed
CVE-2004-1852
was published
Apr 29, 2022
The Network Attached Storage (NAS) Administration Web Page for Iomega NAS A300U transmits...
Moderate
Unreviewed
CVE-2002-1949
was published
Apr 30, 2022
For MongoDB Ops Manager 4.2.X with multiple OM application servers, that have SSL turned on for...
Moderate
Unreviewed
CVE-2021-20335
was published
May 24, 2022
Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user...
Moderate
Unreviewed
CVE-2023-34829
was published
Dec 28, 2023
A vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior...
Moderate
Unreviewed
CVE-2023-6094
was published
Dec 31, 2023
Jenkins Pipeline: Groovy Plugin has Insufficiently Protected Credentials
Moderate
CVE-2022-25180
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
Feb 16, 2022
User passwords transmitted in plain text by Jenkins Active Directory Plugin
Moderate
CVE-2022-23105
was published
for
org.jenkins-ci.plugins:active-directory
(Maven)
Jan 13, 2022
Cleartext Transmission of Sensitive Information in Apache CXF
Moderate
CVE-2014-0035
was published
for
org.apache.cxf:cxf-core
(Maven)
May 13, 2022
Improper usage of insecure protocol (i.e. HTTP) in SogouSDK of Chinese Samsung Keyboard prior to...
Moderate
Unreviewed
CVE-2023-42579
was published
Dec 5, 2023
On affected platforms running Arista MOS, the configuration of a BGP password will cause the...
Moderate
Unreviewed
CVE-2023-24547
was published
Dec 6, 2023
ProTip!
Advisories are also available from the
GraphQL API