GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,939
Maven
5,000+
npm
3,677
NuGet
643
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,022 advisories
Filter by severity
Networker 19.9 and all prior versions contains a Plain-text Password stored in temporary config...
High
Unreviewed
CVE-2024-22432
was published
Jan 25, 2024
Apache Kylin has Insufficiently Protected Credentials
High
CVE-2023-29055
was published
for
org.apache.kylin:kylin-core-common
(Maven)
Jan 29, 2024
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product stores...
Moderate
Unreviewed
CVE-2024-21869
was published
Feb 2, 2024
Allegro AI ClearML Stores Credentials in Plaintext in MongoDB Instance
Moderate
CVE-2024-24595
was published
for
clearml
(pip)
Feb 6, 2024
Apache Solr can leak certain passwords due to System Property redaction logic inconsistencies
Moderate
CVE-2023-50291
was published
for
org.apache.solr:solr-core
(Maven)
Feb 9, 2024
IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which...
Moderate
Unreviewed
CVE-2024-22312
was published
Feb 10, 2024
IBM DataStage on Cloud Pak for Data 4.0.6 to 4.5.2 stores sensitive credential information that...
Moderate
Unreviewed
CVE-2022-38714
was published
Feb 12, 2024
IBM CICS TX Standard and Advanced 11.1 could allow a user with physical access to the web browser...
Moderate
Unreviewed
CVE-2022-34311
was published
Feb 12, 2024
A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed...
Moderate
Unreviewed
CVE-2024-23306
was published
Feb 14, 2024
CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized...
High
Unreviewed
CVE-2023-27975
was published
Feb 14, 2024
The database access credentials configured during installation are stored in a special table, and...
Moderate
Unreviewed
CVE-2023-4538
was published
Feb 15, 2024
Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command...
Critical
Unreviewed
CVE-2024-21815
was published
Mar 5, 2024
IBM Host Access Transformation Services (HATS) 9.6 through 9.6.1.4 and 9.7 through 9.7.0.3 stores...
Moderate
Unreviewed
CVE-2021-38938
was published
Mar 15, 2024
Siklu TG Terragraph devices before 2.1.1 allow attackers to discover valid, randomly generated...
High
Unreviewed
CVE-2022-47037
was published
Mar 18, 2024
IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication...
Moderate
Unreviewed
CVE-2023-50311
was published
Mar 31, 2024
System->Maintenance-> Log Files in dotCMS dashboard is providing the username/password for...
Moderate
Unreviewed
CVE-2024-3165
was published
Apr 2, 2024
A insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0...
High
Unreviewed
CVE-2023-41677
was published
Apr 9, 2024
Azure Identity Library for .NET Information Disclosure Vulnerability
Moderate
CVE-2024-29992
was published
for
Azure.Identity
(NuGet)
Apr 9, 2024
Audit records for OpenAPI requests may include sensitive information.
This could lead to...
High
Unreviewed
CVE-2023-6916
was published
Apr 10, 2024
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to escalate their privileges due...
High
Unreviewed
CVE-2023-37400
was published
Apr 19, 2024
H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router's...
Critical
Unreviewed
CVE-2024-32238
was published
Apr 22, 2024
Jenkins Telegram Bot Plugin stores the Telegram Bot token in plaintext
Low
CVE-2024-34147
was published
for
org.jenkins-ci.plugins:telegrambot
(Maven)
May 2, 2024
Insecure storage of the ICT MIFARE and DESFire encryption keys in the firmware
binary allows...
High
Unreviewed
CVE-2024-29941
was published
May 7, 2024
Database scanning using username and password stores the credentials in plaintext or encoded...
Moderate
Unreviewed
CVE-2024-23551
was published
May 8, 2024
IBM TXSeries for Multiplatforms 8.2 transmits or stores authentication credentials, but it uses...
Moderate
Unreviewed
CVE-2024-22345
was published
May 14, 2024
ProTip!
Advisories are also available from the
GraphQL API