Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

335 advisories

Loading
A vulnerability has been identified in Opcenter Execution Core (V8.2), Opcenter Execution Core ... Moderate Unreviewed
CVE-2020-28390 was published May 24, 2022
IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local... Moderate Unreviewed
CVE-2020-4913 was published May 24, 2022
AdRem NetCrunch 10.6.0.4587 has Improper Credential Storage since the internal user database is... Moderate Unreviewed
CVE-2019-14477 was published May 24, 2022
The Estil Hill Lock Password Manager Safe app 2.3 for iOS has a *#06#* backdoor password. An... Moderate Unreviewed
CVE-2020-29392 was published May 24, 2022
In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575). Moderate Unreviewed
CVE-2020-29136 was published May 24, 2022
Barco wePresent WiPG-1600W devices have Unprotected Transport of Credentials. Affected Version(s)... Moderate Unreviewed
CVE-2020-28330 was published May 24, 2022
A vulnerability in the web UI of Cisco IoT Field Network Director (FND) could allow an... Moderate Unreviewed
CVE-2020-26079 was published May 24, 2022
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an... Moderate Unreviewed
CVE-2020-8152 was published May 24, 2022
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, and 4.0 stores user credentials in plain in clear... Moderate Unreviewed
CVE-2020-4568 was published May 24, 2022
Insufficiently protected credentials in the Intel(R) EMA before version 1.3.3 may allow an... Moderate Unreviewed
CVE-2020-12316 was published May 24, 2022
Insufficiently protected credentialsin subsystem in some Intel(R) Client SSDs and some Intel(R)... Moderate Unreviewed
CVE-2020-12309 was published May 24, 2022
An issue was discovered in Click Studios Passwordstate 8.9 (Build 8973).If the user of the system... Moderate Unreviewed
CVE-2020-27747 was published May 24, 2022
The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an... Moderate Unreviewed
CVE-2020-7196 was published May 24, 2022
VMware Horizon Client for Windows (5.x prior to 5.5.0) contains an information disclosure... Moderate Unreviewed
CVE-2020-3998 was published May 24, 2022
Biscom Secure File Transfer (SFT) before 5.1.1082 and 6.x before 6.0.1011 allows user credential... Moderate Unreviewed
CVE-2020-27646 was published May 24, 2022
The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on... Moderate Unreviewed
CVE-2020-1669 was published May 24, 2022
Duo has identified and fixed an issue with the Duo Network Gateway (DNG) product in which some... Moderate Unreviewed
CVE-2020-3483 was published May 24, 2022
If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using... Moderate Unreviewed
CVE-2020-15646 was published May 24, 2022
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab OAuth... Moderate Unreviewed
CVE-2020-13312 was published May 24, 2022
A ZTE product is impacted by the cryptographic issues vulnerability. The encryption algorithm is... Moderate Unreviewed
CVE-2020-6874 was published May 24, 2022
In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user. Moderate Unreviewed
CVE-2020-24622 was published May 24, 2022
In TreasuryXpress 19191105, a logged-in user can discover saved credentials, even though the UI... Moderate Unreviewed
CVE-2019-20150 was published May 24, 2022
A flaw was found in Red Hat Satellite 6 which allows privileged attacker to read cache files.... Moderate Unreviewed
CVE-2020-14334 was published May 24, 2022
IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses an inadequate account lockout setting that... Moderate Unreviewed
CVE-2020-4567 was published May 24, 2022
Insecure permissions in emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow a... Moderate Unreviewed
CVE-2020-13915 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database