GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,051 advisories
Filter by severity
Seth Fogie, member of the AXIS Camera Station Pro Bug Bounty Program, has found that the Incident...
Moderate
Unreviewed
CVE-2024-6749
was published
Nov 26, 2024
Insufficiently protected credentials issue exists in AIPHONE IX SYSTEM and IXG SYSTEM. A network...
Moderate
Unreviewed
CVE-2024-39290
was published
Nov 22, 2024
AIPHONE IXG SYSTEM IXG-2C7 firmware Ver.2.03 and earlier and IXG-2C7-L firmware Ver.2.03 and...
Moderate
Unreviewed
CVE-2024-47142
was published
Nov 22, 2024
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could...
Moderate
Unreviewed
CVE-2021-1232
was published
Nov 18, 2024
In SAP NetWeaver Java (Software Update Manager 1.1), under certain conditions when a software...
Moderate
Unreviewed
CVE-2024-47588
was published
Nov 12, 2024
An issue in the luci-mod-rpc package in OpenWRT Luci LTS allows for privilege escalation from an...
High
Unreviewed
CVE-2024-51240
was published
Nov 5, 2024
Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100...
Moderate
Unreviewed
CVE-2024-34885
was published
Nov 4, 2024
Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100...
Moderate
Unreviewed
CVE-2024-34887
was published
Nov 4, 2024
Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100...
Moderate
Unreviewed
CVE-2024-34883
was published
Nov 4, 2024
Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100...
Moderate
Unreviewed
CVE-2024-34882
was published
Nov 4, 2024
Exposure of vSphere's CPI and CSI credentials in Rancher
High
CVE-2022-45157
was published
for
github.com/rancher/rancher
(Go)
Oct 25, 2024
OpenRefine leaks Google API credentials in releases
High
GHSA-3pg4-qwc8-426r
was published
for
org.openrefine:openrefine
(Maven)
Oct 24, 2024
IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication...
Moderate
Unreviewed
CVE-2023-50310
was published
Oct 23, 2024
Kieback & Peter's DDC4000 series has an insufficiently protected credentials vulnerability, which...
High
Unreviewed
CVE-2024-43812
was published
Oct 23, 2024
The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H...
Moderate
Unreviewed
CVE-2024-9677
was published
Oct 22, 2024
Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache...
Critical
Unreviewed
CVE-2024-44000
was published
Oct 20, 2024
The EWON FLEXY 202 transmits credentials using a weak encoding method base64. An attacker who is...
High
Unreviewed
CVE-2024-7755
was published
Oct 17, 2024
The affected product is vulnerable due to insufficiently protected credentials, which may allow...
High
Unreviewed
CVE-2024-49396
was published
Oct 17, 2024
A vulnerability in the web-based management interface of Cisco ATA 190 Series Multiplatform...
Moderate
Unreviewed
CVE-2024-20462
was published
Oct 16, 2024
In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API
Moderate
Unreviewed
CVE-2024-47161
was published
Oct 8, 2024
OpenC3 stores passwords in clear text (`GHSL-2024-129`)
Moderate
CVE-2024-47529
was published
for
@openc3/tool-common
(RubyGems)
Oct 2, 2024
Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission
Moderate
CVE-2024-47805
was published
for
org.jenkins-ci.plugins:credentials
(Maven)
Oct 2, 2024
Advantech ADAM-5630 shares user credentials plain text between the device and the user source...
Moderate
Unreviewed
CVE-2024-34542
was published
Sep 27, 2024
Advantech ADAM-5550 share user credentials with a low level of encryption, consisting of base 64...
Moderate
Unreviewed
CVE-2024-37187
was published
Sep 27, 2024
OAuth2 client ID and secret exposed through the web browser
High
CVE-2024-9014
was published
for
pgadmin4
(pip)
Sep 23, 2024
ProTip!
Advisories are also available from the
GraphQL API