GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,645
Composer 4,233
Erlang 31
GitHub Actions 20
Go 1,992
Maven 5,179
npm 3,709
NuGet 661
pip 3,346
Pub 11
RubyGems 884
Rust 846
Swift 36

Unreviewed advisories

All unreviewed 234,992

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

300 advisories

Filter by severity

Sort by

Least recently updated

iBall Baton iB-WRB302N20122017 devices have improper access control over the UART interface,... Moderate Unreviewed

CVE-2018-20008 was published May 24, 2022

IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain... Moderate Unreviewed

CVE-2022-22484 was published May 18, 2022

SepCity Classified Ads stores the admin password in cleartext in data/classifieds.mdb, which... Moderate Unreviewed

CVE-2008-6157 was published May 17, 2022

PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks the plaintext of NTFS files. On non... Moderate Unreviewed

CVE-2018-19279 was published May 13, 2022

An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally... Moderate Unreviewed

CVE-2018-11242 was published May 13, 2022

The Bitpie application through 3.2.4 for Android and iOS uses cleartext storage for digital... Moderate Unreviewed

CVE-2018-10812 was published May 13, 2022

The Files APP 7.1.1.308 and earlier versions in some Huawei mobile phones has a vulnerability of... Moderate Unreviewed

CVE-2017-2723 was published May 13, 2022

WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous... Moderate Unreviewed

CVE-2017-14990 was published May 13, 2022

EasyLobby Solo could allow a local attacker to obtain sensitive information, caused by the... Moderate Unreviewed

CVE-2018-17489 was published May 13, 2022

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain... Moderate Unreviewed

CVE-2018-1621 was published May 13, 2022

In Rapid7 Komand version 0.41.0 and prior, certain endpoints that are able to list the always... Moderate Unreviewed

CVE-2018-5559 was published May 13, 2022

An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81... Moderate Unreviewed

CVE-2019-5765 was published May 13, 2022

Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee... Moderate Unreviewed

CVE-2019-3606 was published May 13, 2022

Information Disclosure vulnerability in McAfee DXL Platform and TIE Server in DXL prior to 5.0.1... Moderate Unreviewed

CVE-2019-3612 was published May 13, 2022

Medtronic CareLink 2090 Programmer CareLink 9790 Programmer 29901 Encore Programmer, all versions... Moderate Unreviewed

CVE-2018-18984 was published May 13, 2022

The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not... Moderate Unreviewed

CVE-2015-5537 was published May 13, 2022

In a certain atypical IBM Spectrum Protect 7.1 and 8.1 configurations, the node password could be... Moderate Unreviewed

CVE-2018-1882 was published May 13, 2022

1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass.... Moderate Unreviewed

CVE-2022-29868 was published May 10, 2022

SanDisk Cruzer Enterprise USB flash drives use a fixed 256-bit key for obtaining access to the... Moderate Unreviewed

CVE-2010-0225 was published May 2, 2022

The Huawei D100 stores the administrator's account name and password in cleartext in a cookie,... Moderate Unreviewed

CVE-2009-2272 was published May 2, 2022

GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication,... Moderate Unreviewed

CVE-2008-0174 was published May 1, 2022

IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to... Moderate Unreviewed

CVE-2005-2160 was published May 1, 2022

phpRank 1.8 stores the administrative password in plaintext on the server and in the "ap" cookie,... Moderate Unreviewed

CVE-2002-1800 was published Apr 30, 2022

Autogalaxy stores usernames and passwords in cleartext in cookies, which makes it easier for... Moderate Unreviewed

CVE-2001-1536 was published Apr 30, 2022

The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores... Moderate Unreviewed

CVE-2001-1537 was published Apr 30, 2022

Previous 1 2 … 8 9 10 11 12 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

300 advisories