Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,012
Maven
5,000+
npm
3,720
NuGet
662
pip
3,393
Pub
11
RubyGems
889
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+

461 advisories

Loading
Django allows unprivileged users to read the password hashes of arbitrary accounts Moderate
CVE-2018-16984 was published for django (pip) Oct 3, 2018
sunSUNQ
Insufficiently Protected Credentials in Elasticsearch Moderate
CVE-2021-22132 was published for org.elasticsearch:elasticsearch (Maven) Mar 18, 2021
Scrapy HTTP authentication credentials potentially leaked to target websites Moderate
CVE-2021-41125 was published for Scrapy (pip) Oct 6, 2021
Azure Active Directory Information Disclosure Vulnerability Moderate Unreviewed
CVE-2021-42306 was published Nov 25, 2021
An issue was discovered on Renesas RX65 and RX65N devices. With a VCC glitch, an attacker can... Moderate Unreviewed
CVE-2021-43327 was published Dec 3, 2021
An issue was discovered in Mahavitaran android application 7.50 and below, allows local attackers... Moderate Unreviewed
CVE-2020-27413 was published Dec 8, 2021
An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker... Moderate Unreviewed
CVE-2021-37187 was published Dec 11, 2021
Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation via the passwd=1 substring. Moderate Unreviewed
CVE-2021-40857 was published Dec 14, 2021
A vulnerability has been identified in ModelSim Simulation (All versions), Questa Simulation (All... Moderate Unreviewed
CVE-2021-42023 was published Dec 15, 2021
GGLocker iOS application, contains an insecure data storage of the password hash value which... Moderate Unreviewed
CVE-2021-3179 was published Dec 17, 2021
KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in unattended mode) keeps the... Moderate Unreviewed
CVE-2021-45097 was published Dec 17, 2021
Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text password storage... Moderate Unreviewed
CVE-2021-36318 was published Dec 22, 2021
Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in... Moderate Unreviewed
CVE-2021-36317 was published Dec 22, 2021
Trendnet AC2600 TEW-827DRU version 2.08B01 leaks information via the ftp web page. Usernames and... Moderate Unreviewed
CVE-2021-20163 was published Dec 31, 2021
Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses credentials for the smb... Moderate Unreviewed
CVE-2021-20164 was published Dec 31, 2021
Improper credentials masking in Jenkins HashiCorp Vault Plugin Moderate
CVE-2022-23109 was published for com.datapipe.jenkins.plugins:hashicorp-vault-plugin (Maven) Jan 13, 2022
NotMyFault
Access key stored in plain text by Jenkins Metrics Plugin Moderate
CVE-2022-20621 was published for org.jenkins-ci.plugins:metrics (Maven) Jan 13, 2022
westonsteimel
Insufficiently protected credentials vulnerability in 'TEPRA' PRO SR5900P Ver.1.080 and earlier... Moderate Unreviewed
CVE-2022-0184 was published Jan 18, 2022
Users with appropriate file access may be able to access unencrypted user credentials saved by... Moderate Unreviewed
CVE-2021-32039 was published Jan 21, 2022
An attacker with physical access to the host can extract the secrets from the registry and create... Moderate Unreviewed
CVE-2021-23207 was published Jan 22, 2022
Dell EMC System Update, version 1.9.2 and prior, contain an Unprotected Storage of Credentials... Moderate Unreviewed
CVE-2022-22554 was published Jan 25, 2022
Insufficiently Protected Credentials in Reactor Netty Moderate
CVE-2020-5404 was published for io.projectreactor.netty:reactor-netty-http (Maven) Feb 10, 2022
An insufficiently protected credentials vulnerability exists in the Palo Alto Networks... Moderate Unreviewed
CVE-2022-0019 was published Feb 11, 2022
Insufficiently protected credentials in USB provisioning for Intel(R) AMT SDK before version 16.0... Moderate Unreviewed
CVE-2021-33107 was published Feb 11, 2022
containerd v1.2.x can be coerced into leaking credentials during image pull Moderate
CVE-2020-15157 was published for github.com/containerd/containerd (Go) Feb 11, 2022
bgeesaman joshlarsen
IanColdwater mauilion raesene
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database