GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
532 advisories
Filter by severity
The physical IoT device of the AliveCor's KardiaMobile, a smartphone-based personal...
High
Unreviewed
CVE-2022-41627
was published
Jul 6, 2023
there is a possible use of unencrypted transport over cellular networks due to an insecure...
High
Unreviewed
CVE-2023-21220
was published
Jun 28, 2023
there is a possible use of unencrypted transport over cellular networks due to an insecure...
High
Unreviewed
CVE-2023-21219
was published
Jun 28, 2023
A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to...
High
Unreviewed
CVE-2023-31410
was published
Jun 19, 2023
SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File...
High
Unreviewed
CVE-2023-23841
was published
Jun 16, 2023
ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 uses sensitive cookies without...
Moderate
Unreviewed
CVE-2023-31195
was published
Jun 13, 2023
A cleartext transmission of sensitive information vulnerability [CWE-319] in Fortinet FortiOS...
Moderate
Unreviewed
CVE-2022-41327
was published
Jun 13, 2023
Atlas Copco Power Focus 6000 web server is not a secure connection by default, which could allow...
High
Unreviewed
CVE-2023-1899
was published
Jun 12, 2023
IBM Maximo Application Suite - Manage Component 8.8.0 and 8.9.0 transmits sensitive information...
Moderate
Unreviewed
CVE-2023-27861
was published
Jun 5, 2023
Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan...
Critical
Unreviewed
CVE-2023-33730
was published
May 31, 2023
An issue was discovered in Faronics Insight 10.0.19045 on Windows. A suitably positioned attacker...
High
Unreviewed
CVE-2023-28348
was published
May 31, 2023
html inputs of type password recorded in plaintext when converted to text inputs
Moderate
CVE-2023-33187
was published
for
highlight.run
(npm)
May 26, 2023
Snap One OvrC Pro versions prior to 7.3 use HTTP connections when downloading a...
High
Unreviewed
CVE-2023-31193
was published
May 22, 2023
A CWE-319: Cleartext transmission of sensitive information vulnerability exists that could
cause...
Critical
Unreviewed
CVE-2022-46680
was published
May 22, 2023
Cleartext Transmission of Sensitive Information vulnerability in ABB Terra AC wallbox (UL40/80A),...
Moderate
Unreviewed
CVE-2023-0864
was published
May 17, 2023
In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory...
High
Unreviewed
CVE-2023-32784
was published
May 15, 2023
Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 does not defend against physical...
Critical
Unreviewed
CVE-2023-30354
was published
May 10, 2023
Cleartext transmission of sensitive information exists in SkyBridge MB-A100/110 firmware Ver. 4.2...
Moderate
Unreviewed
CVE-2023-25070
was published
May 10, 2023
Cleartext Transmission in set-cookie:ecos_pw: Tenda N301 v6.0, Firmware v12.02.01.61_multi allows...
Moderate
Unreviewed
CVE-2023-29680
was published
May 2, 2023
Cleartext Transmission in cookie:ecos_pw: in Tenda N301 v6.0, firmware v12.03.01.06_pt allows an...
Moderate
Unreviewed
CVE-2023-29681
was published
May 2, 2023
An issue was discovered in vTech VCS754 version 1.1.1.A before 1.1.1.H, allows attackers to gain...
High
Unreviewed
CVE-2023-25437
was published
Apr 27, 2023
Ironic and ironic-inspector may expose as ConfigMaps
Moderate
CVE-2023-30841
was published
for
github.com/metal3-io/baremetal-operator
(Go)
Apr 26, 2023
An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0...
Moderate
Unreviewed
CVE-2019-14942
was published
Apr 16, 2023
Jenkins Azure Key Vault Plugin does not properly mask credentials
Moderate
CVE-2023-30514
was published
for
org.jenkins-ci.plugins:azure-keyvault
(Maven)
Apr 12, 2023
Jenkins Thycotic DevOps Secrets Vault Plugin does not properly mask credentials
Moderate
CVE-2023-30515
was published
for
io.jenkins.plugins:thycotic-devops-secrets-vault
(Maven)
Apr 12, 2023
ProTip!
Advisories are also available from the
GraphQL API