Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,939
Maven
5,000+
npm
3,677
NuGet
643
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

335 advisories

Loading
D-Link DIR-100 4.03B07 has PPTP and poe information disclosure Moderate Unreviewed
CVE-2013-7055 was published May 5, 2022
CloudForms stores user passwords in recoverable format Moderate Unreviewed
CVE-2013-4423 was published May 5, 2022
Claws Mail vCalendar plugin: credentials exposed on interface Moderate Unreviewed
CVE-2012-5527 was published Apr 23, 2022
A malicious actor having access to the exported configuration file may obtain the stored... Moderate Unreviewed
CVE-2022-27179 was published Apr 21, 2022
A flaw was found in Ansible Galaxy Collections. When collections are built manually, any files in... Moderate Unreviewed
CVE-2021-3681 was published Apr 19, 2022
Dell PowerScale OneFS, versions 8.2.2 and above, contain a password disclosure vulnerability. An... Moderate Unreviewed
CVE-2022-22550 was published Apr 13, 2022
An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is storage of Passwords in a... Moderate Unreviewed
CVE-2021-45892 was published Apr 6, 2022
In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected fields Moderate Unreviewed
CVE-2022-28651 was published Apr 6, 2022
McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a local attacker to... Moderate Unreviewed
CVE-2022-0859 was published Mar 24, 2022
A lack of password change protection vulnerability in a depreciated API of McAfee Enterprise... Moderate Unreviewed
CVE-2022-0862 was published Mar 24, 2022
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a... Moderate Unreviewed
CVE-2020-25184 was published Mar 19, 2022
Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022... Moderate Unreviewed
CVE-2022-24506 was published Mar 10, 2022
A man-in-the-middle attacker can inject false responses to the client's first few queries,... Moderate Unreviewed
CVE-2021-23222 was published Mar 4, 2022
IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that... Moderate Unreviewed
CVE-2022-22321 was published Mar 2, 2022
SangforCSClient.exe in Sangfor VDI Client 5.4.2.1006 allows attackers, when they are able to read... Moderate Unreviewed
CVE-2022-22908 was published Feb 27, 2022
IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a remote attacker to obtain... Moderate Unreviewed
CVE-2021-39026 was published Feb 19, 2022
Forms generated by JQueryForm.com before 2022-02-05 allows a remote authenticated attacker to... Moderate Unreviewed
CVE-2022-24982 was published Feb 17, 2022
Insufficiently protected credentials in USB provisioning for Intel(R) AMT SDK before version 16.0... Moderate Unreviewed
CVE-2021-33107 was published Feb 11, 2022
An insufficiently protected credentials vulnerability exists in the Palo Alto Networks... Moderate Unreviewed
CVE-2022-0019 was published Feb 11, 2022
Dell EMC System Update, version 1.9.2 and prior, contain an Unprotected Storage of Credentials... Moderate Unreviewed
CVE-2022-22554 was published Jan 25, 2022
An attacker with physical access to the host can extract the secrets from the registry and create... Moderate Unreviewed
CVE-2021-23207 was published Jan 22, 2022
Users with appropriate file access may be able to access unencrypted user credentials saved by... Moderate Unreviewed
CVE-2021-32039 was published Jan 21, 2022
Insufficiently protected credentials vulnerability in 'TEPRA' PRO SR5900P Ver.1.080 and earlier... Moderate Unreviewed
CVE-2022-0184 was published Jan 18, 2022
Trendnet AC2600 TEW-827DRU version 2.08B01 leaks information via the ftp web page. Usernames and... Moderate Unreviewed
CVE-2021-20163 was published Dec 31, 2021
Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses credentials for the smb... Moderate Unreviewed
CVE-2021-20164 was published Dec 31, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database