GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
165 advisories
Solr search discloses password hashes of all users
High · CVE-2023-50719 was published for org.xwiki.platform:xwiki-platform-search-solr-api (Maven) · Dec 16, 2023
lakeFS logs S3 credentials in plain text
High · GHSA-4rgc-5g6r-2rjf was published for github.com/treeverse/lakefs (Go) · Dec 12, 2023
LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4 are vulnerable to...
High · Unreviewed · CVE-2023-46386 was published · Dec 1, 2023
LOYTEC electronics GmbH LINX-212 6.2.4 and LINX-151 7.2.4 are vulnerable to Insecure Permissions...
High · Unreviewed · CVE-2023-46388 was published · Dec 1, 2023
LOYTEC electronics GmbH LINX Configurator 7.4.10 is vulnerable to Insecure Permissions. Cleartext...
High · Unreviewed · CVE-2023-46384 was published · Dec 1, 2023
Zentao Biz version 8.7 and before is vulnerable to Information Disclosure.
High · Unreviewed · CVE-2023-46376 was published · Oct 27, 2023
Nautobot vulnerable to exposure of hashed user passwords via REST API
High · CVE-2023-46128 was published for nautobot (pip) · Oct 24, 2023
An issue in ZPE Systems, Inc Nodegrid OS v.5.8.10 thru v.5.8.13 and v.5.10.3 thru v.5.10.5 allows...
High · Unreviewed · CVE-2023-44037 was published · Oct 14, 2023
The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server...
High · Unreviewed · CVE-2023-3489 was published · Aug 31, 2023
An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. System...
High · Unreviewed · CVE-2023-31041 was published · Aug 14, 2023
Fujitsu Software Infrastructure Manager (ISM) stores sensitive information at the product's...
High · Unreviewed · CVE-2023-39379 was published · Aug 4, 2023
Assmann Digitus Plug&View IP Camera family allows unauthenticated attackers to download a copy of...
High · Unreviewed · CVE-2023-30146 was published · Aug 4, 2023
Element55 KnowMore appliances version 21 and older was discovered to store passwords in plaintext.
High · Unreviewed · CVE-2023-39144 was published · Aug 3, 2023
TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Cleartext Storage of Sensitive...
High · Unreviewed · CVE-2023-33742 was published · Jul 27, 2023
mRemoteNG configuration files can be stored in an encrypted state on disk. mRemoteNG version <=...
High · Unreviewed · CVE-2023-30367 was published · Jul 26, 2023
Weave GitOps Terraform Controller Information Disclosure Vulnerability
High · CVE-2023-34236 was published for github.com/weaveworks/tf-controller (Go) · Jul 14, 2023
An issue found in ALBIS Co. ALBIS v.13.6.1 allows a remote attacker to gain access to sensitive...
High · Unreviewed · CVE-2023-31821 was published · Jul 13, 2023
Cleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214...
High · Unreviewed · CVE-2023-31408 was published · Jul 6, 2023
HashiCorp Boundary Workers Store Rotated Credentials in Plaintext Even When Key Management Service Configured
High · CVE-2023-0690 was published for github.com/hashicorp/boundary (Go) · Jul 6, 2023
An access control issue in Makves DCAP v3.0.0.122 allows unauthenticated attackers to obtain...
High · Unreviewed · CVE-2023-27243 was published · Jun 21, 2023
Atlas Copco Power Focus 6000 web server does not sanitize the login information stored by the...
High · Unreviewed · CVE-2023-1897 was published · Jun 12, 2023
The Danfoss AK-EM100 stores login credentials in cleartext.
High · Unreviewed · CVE-2023-22584 was published · Jun 11, 2023
Bitwarden Desktop v1.20.0 and above stores the biometric key in plaintext which allows a local...
High · Unreviewed · CVE-2023-27706 was published · Jun 9, 2023
Plaintext storage of a password exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3....
High · Unreviewed · CVE-2023-28713 was published · Jun 1, 2023
Data written to GitHub Actions Cache may expose secrets
High · CVE-2023-30853 was published for gradle/gradle-build-action (GitHub Actions) · May 1, 2023
ProTip! Advisories are also available from the GraphQL API.