GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
354 advisories
Filter by severity
Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who...
Moderate
Unreviewed
CVE-2022-34837
was published
Aug 25, 2022
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a...
Moderate
Unreviewed
CVE-2020-25184
was published
Mar 19, 2022
McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a local attacker to...
Moderate
Unreviewed
CVE-2022-0859
was published
Mar 24, 2022
An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is storage of Passwords in a...
Moderate
Unreviewed
CVE-2021-45892
was published
Apr 6, 2022
In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected fields
Moderate
Unreviewed
CVE-2022-28651
was published
Apr 6, 2022
Dell PowerScale OneFS, versions 8.2.2 and above, contain a password disclosure vulnerability. An...
Moderate
Unreviewed
CVE-2022-22550
was published
Apr 13, 2022
IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a remote attacker to obtain...
Moderate
Unreviewed
CVE-2021-39026
was published
Feb 19, 2022
A flaw was found in Ansible Galaxy Collections. When collections are built manually, any files in...
Moderate
Unreviewed
CVE-2021-3681
was published
Apr 19, 2022
IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a...
Moderate
Unreviewed
CVE-2022-41732
was published
Nov 28, 2022
A malicious actor having access to the exported configuration file may obtain the stored...
Moderate
Unreviewed
CVE-2022-27179
was published
Apr 21, 2022
A flaw was found in Red Hat Quay, where it does not properly protect the authorization token when...
Moderate
Unreviewed
CVE-2020-27831
was published
May 24, 2022
A vulnerability in the disaster recovery feature of Cisco SD-WAN vManage Software could allow an...
Moderate
Unreviewed
CVE-2021-1589
was published
May 24, 2022
Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets,...
Moderate
Unreviewed
CVE-2021-3130
was published
May 24, 2022
SAP GUI for Windows, version - 7.60, allows an attacker to spoof logon credentials for...
Moderate
Unreviewed
CVE-2021-21448
was published
May 24, 2022
1Password SCIM Bridge before 1.6.2 mishandles validation of requests for log files.
Moderate
Unreviewed
CVE-2021-26905
was published
May 24, 2022
A remote disclosure of privileged information vulnerability was discovered in Aruba ClearPass...
Moderate
Unreviewed
CVE-2021-29138
was published
May 24, 2022
NCH Quorum v2.03 and earlier allows local users to discover cleartext login information relating...
Moderate
Unreviewed
CVE-2021-37452
was published
May 24, 2022
DEPSTECH WiFi Digital Microscope 3 has a default SSID of Jetion_xxxxxxxx with a password of...
Moderate
Unreviewed
CVE-2020-12732
was published
May 24, 2022
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain...
Moderate
Unreviewed
CVE-2020-35454
was published
May 24, 2022
In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, attackers are able to retrieve...
Moderate
Unreviewed
CVE-2021-31857
was published
May 24, 2022
Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows...
Moderate
Unreviewed
CVE-2021-32003
was published
May 24, 2022
An API issue in Accessibility TCC permissions was addressed with improved state management. This...
Moderate
Unreviewed
CVE-2021-1873
was published
May 24, 2022
Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text...
Moderate
Unreviewed
CVE-2022-29085
was published
Jun 3, 2022
An information disclosure issue exist in D-LINK-DIR-615 B2 2.01mt. An attacker can obtain a user...
Moderate
Unreviewed
CVE-2021-40654
was published
May 24, 2022
Debug function of Admin UI of SAP Business One Integration is enabled by default. This allows...
Moderate
Unreviewed
CVE-2021-38179
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API