Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

463 advisories

Loading
Django allows unprivileged users to read the password hashes of arbitrary accounts Moderate
CVE-2018-16984 was published for django (pip) Oct 3, 2018
sunSUNQ
Insufficiently Protected Credentials in Elasticsearch Moderate
CVE-2021-22132 was published for org.elasticsearch:elasticsearch (Maven) Mar 18, 2021
Scrapy HTTP authentication credentials potentially leaked to target websites Moderate
CVE-2021-41125 was published for Scrapy (pip) Oct 6, 2021
Azure Active Directory Information Disclosure Vulnerability Moderate Unreviewed
CVE-2021-42306 was published Nov 25, 2021
Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text password storage... Moderate Unreviewed
CVE-2021-36318 was published Dec 22, 2021
Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses credentials for the smb... Moderate Unreviewed
CVE-2021-20164 was published Dec 31, 2021
Improper credentials masking in Jenkins HashiCorp Vault Plugin Moderate
CVE-2022-23109 was published for com.datapipe.jenkins.plugins:hashicorp-vault-plugin (Maven) Jan 13, 2022
NotMyFault
Access key stored in plain text by Jenkins Metrics Plugin Moderate
CVE-2022-20621 was published for org.jenkins-ci.plugins:metrics (Maven) Jan 13, 2022
westonsteimel
Insufficiently Protected Credentials in Reactor Netty Moderate
CVE-2020-5404 was published for io.projectreactor.netty:reactor-netty-http (Maven) Feb 10, 2022
An insufficiently protected credentials vulnerability exists in the Palo Alto Networks... Moderate Unreviewed
CVE-2022-0019 was published Feb 11, 2022
containerd v1.2.x can be coerced into leaking credentials during image pull Moderate
CVE-2020-15157 was published for github.com/containerd/containerd (Go) Feb 11, 2022
bgeesaman joshlarsen
IanColdwater mauilion raesene
ProTip! Advisories are also available from the GraphQL API