GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
335 advisories
A vulnerability has been identified in Opcenter Execution Core (V8.2), Opcenter Execution Core ...
Moderate | Unreviewed | CVE-2020-28390 was published May 24, 2022

IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local...
Moderate | Unreviewed | CVE-2020-4913 was published May 24, 2022

AdRem NetCrunch 10.6.0.4587 has Improper Credential Storage since the internal user database is...
Moderate | Unreviewed | CVE-2019-14477 was published May 24, 2022

The Estil Hill Lock Password Manager Safe app 2.3 for iOS has a *#06#* backdoor password. An...
Moderate | Unreviewed | CVE-2020-29392 was published May 24, 2022

In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575).
Moderate | Unreviewed | CVE-2020-29136 was published May 24, 2022

Barco wePresent WiPG-1600W devices have Unprotected Transport of Credentials. Affected Version(s)...
Moderate | Unreviewed | CVE-2020-28330 was published May 24, 2022

A vulnerability in the web UI of Cisco IoT Field Network Director (FND) could allow an...
Moderate | Unreviewed | CVE-2020-26079 was published May 24, 2022

Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an...
Moderate | Unreviewed | CVE-2020-8152 was published May 24, 2022

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, and 4.0 stores user credentials in plain in clear...
Moderate | Unreviewed | CVE-2020-4568 was published May 24, 2022

Insufficiently protected credentials in the Intel(R) EMA before version 1.3.3 may allow an...
Moderate | Unreviewed | CVE-2020-12316 was published May 24, 2022

Insufficiently protected credentials in subsystem in some Intel(R) Client SSDs and some Intel(R)...
Moderate | Unreviewed | CVE-2020-12309 was published May 24, 2022

An issue was discovered in Click Studios Passwordstate 8.9 (Build 8973). If the user of the system...
Moderate | Unreviewed | CVE-2020-27747 was published May 24, 2022

The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an...
Moderate | Unreviewed | CVE-2020-7196 was published May 24, 2022

VMware Horizon Client for Windows (5.x prior to 5.5.0) contains an information disclosure...
Moderate | Unreviewed | CVE-2020-3998 was published May 24, 2022

Biscom Secure File Transfer (SFT) before 5.1.1082 and 6.x before 6.0.1011 allows user credential...
Moderate | Unreviewed | CVE-2020-27646 was published May 24, 2022

The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on...
Moderate | Unreviewed | CVE-2020-1669 was published May 24, 2022

Duo has identified and fixed an issue with the Duo Network Gateway (DNG) product in which some...
Moderate | Unreviewed | CVE-2020-3483 was published May 24, 2022

If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using...
Moderate | Unreviewed | CVE-2020-15646 was published May 24, 2022

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab OAuth...
Moderate | Unreviewed | CVE-2020-13312 was published May 24, 2022

A ZTE product is impacted by the cryptographic issues vulnerability. The encryption algorithm is...
Moderate | Unreviewed | CVE-2020-6874 was published May 24, 2022

In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user.
Moderate | Unreviewed | CVE-2020-24622 was published May 24, 2022

In TreasuryXpress 19191105, a logged-in user can discover saved credentials, even though the UI...
Moderate | Unreviewed | CVE-2019-20150 was published May 24, 2022

A flaw was found in Red Hat Satellite 6 which allows privileged attacker to read cache files....
Moderate | Unreviewed | CVE-2020-14334 was published May 24, 2022

IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses an inadequate account lockout setting that...
Moderate | Unreviewed | CVE-2020-4567 was published May 24, 2022

Insecure permissions in emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow a...
Moderate | Unreviewed | CVE-2020-13915 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.