Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,208
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,046 advisories

Loading
Sensitive information disclosure due to insufficient token field masking. The following products... Low Unreviewed
CVE-2023-44158 was published Sep 27, 2023
OpenStack Barbican credential leak flaw Moderate
CVE-2023-1633 was published for barbican (pip) Sep 24, 2023
When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are... High Unreviewed
CVE-2023-43634 was published Sep 21, 2023
On boot, the Pillar eve container checks for the existence and content of “/config... High Unreviewed
CVE-2023-43631 was published Sep 21, 2023
On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig... High Unreviewed
CVE-2023-43633 was published Sep 21, 2023
PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was... High Unreviewed
CVE-2023-43630 was published Sep 20, 2023
** UNSUPPPORTED WHEN ASSIGNED ** The web application stores credentials in clear text in the ... Moderate Unreviewed
CVE-2022-47561 was published Sep 20, 2023
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient... High Unreviewed
CVE-2023-25532 was published Sep 20, 2023
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient... Critical Unreviewed
CVE-2023-25531 was published Sep 20, 2023
Insecure Permissions vulnerability in Sichuan Tianyi Kanghe Communication Co., Ltd China Telecom... Moderate Unreviewed
CVE-2023-41010 was published Sep 14, 2023
IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores... Moderate Unreviewed
CVE-2023-32338 was published Sep 5, 2023
A pass-back vulnerability exists where an authenticated, remote attacker with administrator... Moderate Unreviewed
CVE-2023-3251 was published Aug 29, 2023
An issue was discovered in Fresenius Kabi PharmaHelp 5.1.759.0 allows attackers to gain escalated... Critical Unreviewed
CVE-2022-45611 was published Aug 22, 2023
Incorrect access control in Zoho ManageEngine ADManager Plus Build 7180 allows unauthenticated... Moderate Unreviewed
CVE-2023-31492 was published Aug 18, 2023
Jenkins Delphix Plugin vulnerable to exposure of system-scoped credentials Moderate
CVE-2023-40345 was published for org.jenkins-ci.plugins:delphix (Maven) Aug 16, 2023
Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin vulnerable to exposure of system-scoped credentials Moderate
CVE-2023-40347 was published for org.jenkins-ci.plugins:maven-artifact-choicelistprovider (Maven) Aug 16, 2023
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys... Moderate Unreviewed
CVE-2023-4327 was published Aug 15, 2023
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys... Moderate Unreviewed
CVE-2023-4328 was published Aug 15, 2023
In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the... Critical Unreviewed
CVE-2023-20965 was published Aug 14, 2023
An isssue in GatesAIr Flexiva FM Transmitter/Exiter Fax 150W allows a remote attacker to gain... Critical Unreviewed
CVE-2023-36082 was published Aug 3, 2023
Insufficient policy enforcement in Intents in Google Chrome on Android prior to 109.0.5414.119... Moderate Unreviewed
CVE-2022-4926 was published Jul 29, 2023
Plaintext Storage of a Password vulnerability in Infodrom Software E-Invoice Approval System... High Unreviewed
CVE-2023-35067 was published Jul 25, 2023
Weave GitOps Terraform Controller Information Disclosure Vulnerability High
CVE-2023-34236 was published for github.com/weaveworks/tf-controller (Go) Jul 14, 2023
greenu
An issue found in DERICIA Co. Ltd, DELICIA v.13.6.1 allows a remote attacker to gain access to... High Unreviewed
CVE-2023-31824 was published Jul 13, 2023
Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file.... Critical Unreviewed
CVE-2023-34128 was published Jul 13, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database