GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,046 advisories
A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an...
Moderate | Unreviewed | CVE-2023-6791 was published Dec 13, 2023

Password stored in a recoverable format by Jenkins OpenId Connect Authentication Plugin
Moderate | CVE-2023-50770 was published for org.jenkins-ci.plugins:oic-auth (Maven) Dec 13, 2023

IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be...
Moderate | Unreviewed | CVE-2023-47722 was published Dec 9, 2023

Exposure of Proxy Administrator Credentials: An authenticated administrator equivalent Filr user...
High | Unreviewed | CVE-2023-32268 was published Dec 6, 2023

Data leak of password hash through change requests
High | CVE-2023-49280 was published for org.xwiki.contrib.changerequest:application-changerequest-default (Maven) Dec 5, 2023

An Insecure Credential Management issue discovered in Connectize AC21000 G6 641.139.1.1256 allows...
Moderate | Unreviewed | CVE-2023-24047 was published Dec 5, 2023

Dell DM5500 5.14.0.0, contain a Plain-text Password Storage Vulnerability in PPOE. A local...
Moderate | Unreviewed | CVE-2023-44300 was published Dec 4, 2023

Jenkins Jira Plugin vulnerable to exposure of system-scoped credentials
Moderate | CVE-2023-49653 was published for org.jenkins-ci.plugins:jira (Maven) Nov 29, 2023

A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text...
High | Unreviewed | CVE-2023-6254 was published Nov 27, 2023

RVTools, Version 3.9.2 and above, contain a sensitive data exposure vulnerability in the...
High | Unreviewed | CVE-2023-44303 was published Nov 24, 2023

An exposure of sensitive information to an unauthorized actor [CWE-200] in FortiSIEM version 7.0...
Moderate | Unreviewed | CVE-2023-41676 was published Nov 14, 2023

The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and...
Moderate | Unreviewed | CVE-2023-26221 was published Nov 8, 2023

An issue was discovered in eGroupWare 17.1.20190111. An Improper Password Storage vulnerability...
Moderate | Unreviewed | CVE-2023-38328 was published Oct 27, 2023

Incorrect LDAP ACLs in ucs-school-ldap-acls-master in UCS@school before 4.4v5-errata allow remote...
Moderate | Unreviewed | CVE-2020-17477 was published Oct 26, 2023

Incorrect access control in writercms v1.1.0 allows attackers to directly obtain backend account...
High | Unreviewed | CVE-2023-43905 was published Oct 26, 2023

Jenkins Warnings Plugin exposures system-scoped credentials
Moderate | CVE-2023-46651 was published for io.jenkins.plugins:warnings-ng (Maven) Oct 25, 2023

Tauri's Updater Private Keys Possibly Leaked via Vite Environment Variables
High | CVE-2023-46115 was published for @tauri-apps/cli (npm) Oct 20, 2023

A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers...
High | Unreviewed | CVE-2023-5552 was published Oct 18, 2023

TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source...
Critical | Unreviewed | CVE-2023-27132 was published Oct 17, 2023

Eaton easySoft software is used to program easy controllers and displays for configuring,...
Moderate | Unreviewed | CVE-2023-43777 was published Oct 17, 2023

SnapGathers versions prior to 4.9 are susceptible to a vulnerability which could allow a local...
Moderate | Unreviewed | CVE-2023-27315 was published Oct 12, 2023

BigFix Insights/IVR fixlet uses improper credential handling within certain fixlet content. An...
Moderate | Unreviewed | CVE-2022-44758 was published Oct 11, 2023

BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to...
High | Unreviewed | CVE-2022-44757 was published Oct 11, 2023

Certain credentials within the BigFix Patch Management Download Plug-ins are stored insecurely...
Moderate | Unreviewed | CVE-2022-42451 was published Oct 11, 2023

An insufficiently protected credentials vulnerability has been reported to affect QVPN Device...
Moderate | Unreviewed | CVE-2023-23370 was published Oct 6, 2023