GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
345 advisories
In WFTPD 3.25, usernames and password hashes are stored in an openly viewable wftpd.ini...
High, Unreviewed, CVE-2023-33263 was published May 25, 2023

Milesight NCR/camera version 71.8.0.6-r5 exposes credentials through an unspecified request. ...
High, Unreviewed, CVE-2023-24506 was published May 8, 2023

Plaintext Password in Registry vulnerability in 42gears surelock windows surelockwinsetupv2.40...
High, Unreviewed, CVE-2023-2335 was published Apr 27, 2023

Sangoma FreePBX 1805 through 2302 (when obtained as a .ISO file) places AMPDBUSER, AMPDBPASS,...
High, Unreviewed, CVE-2023-26567 was published Apr 26, 2023

An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules
High, Unreviewed, CVE-2023-28089 was published Apr 25, 2023

An HPE OneView appliance dump may expose SAN switch administrative credentials
High, Unreviewed, CVE-2023-28088 was published Apr 25, 2023

Ribose RNP before 0.15.1 does not implement a required step in a cryptographic algorithm,...
High, Unreviewed, CVE-2021-33589 was published Apr 21, 2023

Plaintext Storage of a Password vulnerability in Secomea GateManager (USB wizard) allows...
High, Unreviewed, CVE-2022-4308 was published Apr 19, 2023

Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows...
High, Unreviewed, CVE-2023-25760 was published Apr 19, 2023

Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have read access...
High, Unreviewed, CVE-2023-25407 was published Apr 11, 2023

Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. The device allows unauthenticated...
High, Unreviewed, CVE-2023-25413 was published Apr 11, 2023

In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in...
High, Unreviewed, CVE-2022-48433 was published Mar 29, 2023

CP Plus KVMS Pro versions 2.01.0.T.190521 and prior are vulnerable to sensitive credentials being...
High, Unreviewed, CVE-2023-1518 was published Mar 28, 2023

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in...
High, Unreviewed, CVE-2023-1137 was published Mar 27, 2023

Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F...
High, Unreviewed, CVE-2023-0457 was published Mar 3, 2023

TIANJIE CPE906-3 is vulnerable to password disclosure. This is present on Software Version WEB5...
High, Unreviewed, CVE-2022-47703 was published Feb 17, 2023

Insufficiently protected credentials in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5,...
High, Unreviewed, CVE-2022-40678 was published Feb 16, 2023

An unspecified endpoint in the web server of the switch does not properly authenticate the user...
High, Unreviewed, CVE-2023-24498 was published Feb 15, 2023

Sunell DVR, latest version, Insufficiently Protected Credentials (CWE-522) may be exposed through...
High, Unreviewed, CVE-2023-23463 was published Feb 15, 2023

Media CP Media Control Panel latest version. Insufficiently protected credential change.
High, Unreviewed, CVE-2023-23466 was published Feb 15, 2023

AMI MegaRAC SPX devices allow Password Disclosure through Redfish. The fixed versions are SPx_12...
High, Unreviewed, CVE-2023-25191 was published Feb 15, 2023

An unauthorized user with network access and the decryption key could decrypt sensitive data,...
High, Unreviewed, CVE-2022-38469 was published Jan 18, 2023

In freeradius, the EAP-PWD function compute_password_element() leaks information about the...
High, Unreviewed, CVE-2022-41859 was published Jan 17, 2023

Under some circumstances an Insufficiently Protected Credentials vulnerability in Johnson...
High, Unreviewed, CVE-2021-36204 was published Jan 13, 2023

Prosys OPC UA Simulation Server version prior to v5.3.0-64 and UA Modbus Server versions 1.4.18-5...
High, Unreviewed, CVE-2022-2967 was published Jan 4, 2023