GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
333 advisories
On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig...
High | Unreviewed | CVE-2023-43633 was published Sep 21, 2023

When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are...
High | Unreviewed | CVE-2023-43634 was published Sep 21, 2023

BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to...
High | Unreviewed | CVE-2022-44757 was published Oct 11, 2023

A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers...
High | Unreviewed | CVE-2023-5552 was published Oct 18, 2023

Tauri's Updater Private Keys Possibly Leaked via Vite Environment Variables
High | CVE-2023-46115 was published for @tauri-apps/cli (npm) Oct 20, 2023

Incorrect access control in writercms v1.1.0 allows attackers to directly obtain backend account...
High | Unreviewed | CVE-2023-43905 was published Oct 26, 2023

RVTools, Version 3.9.2 and above, contain a sensitive data exposure vulnerability in the...
High | Unreviewed | CVE-2023-44303 was published Nov 24, 2023

A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text...
High | Unreviewed | CVE-2023-6254 was published Nov 27, 2023

Data leak of password hash through change requests
High | CVE-2023-49280 was published for org.xwiki.contrib.changerequest:application-changerequest-default (Maven) Dec 5, 2023

Exposure of Proxy Administrator Credentials
An authenticated administrator equivalent Filr user...
High | Unreviewed | CVE-2023-32268 was published Dec 6, 2023

The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords,...
High | Unreviewed | CVE-2023-6421 was published Jan 1, 2024

Networker 19.9 and all prior versions contains a Plain-text Password stored in temporary config...
High | Unreviewed | CVE-2024-22432 was published Jan 25, 2024

Apache Kylin has Insufficiently Protected Credentials
High | CVE-2023-29055 was published for org.apache.kylin:kylin-core-common (Maven) Jan 29, 2024

CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized...
High | Unreviewed | CVE-2023-27975 was published Feb 14, 2024

Siklu TG Terragraph devices before 2.1.1 allow attackers to discover valid, randomly generated...
High | Unreviewed | CVE-2022-47037 was published Mar 18, 2024

A insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0...
High | Unreviewed | CVE-2023-41677 was published Apr 9, 2024

Audit records for OpenAPI requests may include sensitive information. This could lead to...
High | Unreviewed | CVE-2023-6916 was published Apr 10, 2024

IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to escalate their privileges due...
High | Unreviewed | CVE-2023-37400 was published Apr 19, 2024

Insecure storage of the ICT MIFARE and DESFire encryption keys in the firmware binary allows...
High | Unreviewed | CVE-2024-29941 was published May 7, 2024

Insufficiently protected credentials in GE HealthCare EchoPAC products
High | Unreviewed | CVE-2024-27109 was published May 14, 2024

apko Exposure of HTTP basic auth credentials in log output
High | CVE-2024-36127 was published for chainguard.dev/apko (Go) Jun 4, 2024

The webserver utilizes basic authentication for its user login to the configuration interface. As...
High | Unreviewed | CVE-2023-41926 was published Jul 2, 2024

The Avalara for Salesforce CPQ app before 7.0 for Salesforce allows attackers to read an API key....
High | Unreviewed | CVE-2024-38453 was published Jul 3, 2024

The Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all...
High | Unreviewed | CVE-2024-7389 was published Aug 2, 2024

Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated...
High | Unreviewed | CVE-2024-39818 was published Aug 14, 2024