Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,939
Maven
5,000+
npm
3,677
NuGet
643
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

333 advisories

Loading
Insufficiently Protected Credentials in Requests High
CVE-2018-18074 was published for requests (pip) Oct 29, 2018
Insufficiently Protected Credentials and Improper Authentication in Spring Security High
CVE-2019-11272 was published for org.springframework.security:spring-security-cas (Maven) Jun 27, 2019
Insufficiently Protected Credentials in Pivotal Reactor Netty High
CVE-2019-11284 was published for io.projectreactor.netty:reactor-netty (Maven) Oct 23, 2019
Insufficiently Protected Credentials in Apache Tomcat High
CVE-2019-12418 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Dec 26, 2019
Insufficient Nonce Validation in Eclipse Milo Client High
CVE-2019-19135 was published for org.eclipse.milo:sdk-client (Maven) Mar 16, 2020
Information disclosure through error object in auth0.js High
CVE-2020-5263 was published for auth0-js (npm) Apr 10, 2020
Private key leak in Apache CXF High
CVE-2019-12423 was published for org.apache.cxf:apache-cxf (Maven) May 22, 2020
django-nopassword stores secrets in cleartext High
CVE-2019-10682 was published for django-nopassword (pip) Jun 5, 2020
Sensitive data exposure in NATS High
CVE-2020-26149 was published for nats (npm) Oct 8, 2020
Improper permission handling in Apache Solr High
CVE-2021-29262 was published for org.apache.solr:solr-core (Maven) May 10, 2021
Basic-auth app bundle credential exposure in gatsby-source-wordpress High
CVE-2021-32770 was published for gatsby-source-wordpress (npm) Jul 19, 2021
Allegro WIndows 3.3.4152.0, embeds software administrator database credentials into its binary... High Unreviewed
CVE-2021-43978 was published Dec 9, 2021
There is a Credentials Management Errors vulnerability in Huawei Smartphone.Successful... High Unreviewed
CVE-2021-37075 was published Dec 9, 2021
Opencast publishes global system account credentials High
CVE-2018-16153 was published for org.opencastproject:opencast-common (Maven) Dec 14, 2021
gregorydlogan lkiesow
smarquard
Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile... High Unreviewed
CVE-2020-8968 was published Dec 18, 2021
Unprotected transport of credentials vulnerability in IDEC PLCs (FC6A Series MICROSmart All-in... High Unreviewed
CVE-2021-20826 was published Dec 25, 2021
Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive information in plaintext. All... High Unreviewed
CVE-2021-45077 was published Dec 31, 2021
Netgear RAX43 version 1.0.3.96 does not have sufficient protections to the UART interface. A... High Unreviewed
CVE-2021-20168 was published Dec 31, 2021
In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin. High
CVE-2021-45457 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
Password exposure in ShenYu High
CVE-2022-23223 was published for org.apache.shenyu:shenyu-common (Maven) Jan 28, 2022
tdunlap607
A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS... High Unreviewed
CVE-2021-40360 was published Feb 10, 2022
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause Sensitive... High Unreviewed
CVE-2021-22798 was published Feb 12, 2022
Settings/network settings/wireless settings on the Alecto DVC-215IP camera version 63.1.1.173 and... High Unreviewed
CVE-2022-24610 was published Feb 25, 2022
An issue has been discovered in GitLab affecting all versions starting from 14.6 before 14.6.5,... High Unreviewed
CVE-2022-0738 was published Mar 29, 2022
The Archer RSS feed integration for Archer 6.x through 6.9 SP1 (6.9.1.0) is affected by an... High Unreviewed
CVE-2022-26948 was published Mar 31, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database