Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,094
Erlang
29
GitHub Actions
19
Go
1,920
Maven
5,000+
npm
3,648
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
822
Swift
35
Unreviewed advisories
All unreviewed
5,000+

165 advisories

Loading
Solr search discloses password hashes of all users High
CVE-2023-50719 was published for org.xwiki.platform:xwiki-platform-search-solr-api (Maven) Dec 16, 2023
lakeFS logs S3 credentials in plain text High
GHSA-4rgc-5g6r-2rjf was published for github.com/treeverse/lakefs (Go) Dec 12, 2023
LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4 are vulnerable to... High Unreviewed
CVE-2023-46386 was published Dec 1, 2023
LOYTEC electronics GmbH LINX-212 6.2.4 and LINX-151 7.2.4 are vulnerable to Insecure Permissions... High Unreviewed
CVE-2023-46388 was published Dec 1, 2023
LOYTEC electronics GmbH LINX Configurator 7.4.10 is vulnerable to Insecure Permissions. Cleartext... High Unreviewed
CVE-2023-46384 was published Dec 1, 2023
Zentao Biz version 8.7 and before is vulnerable to Information Disclosure. High Unreviewed
CVE-2023-46376 was published Oct 27, 2023
Nautobot vulnerable to exposure of hashed user passwords via REST API High
CVE-2023-46128 was published for nautobot (pip) Oct 24, 2023
An issue in ZPE Systems, Inc Nodegrid OS v.5.8.10 thru v.5.8.13 and v.5.10.3 thru v.5.10.5 allows... High Unreviewed
CVE-2023-44037 was published Oct 14, 2023
The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server... High Unreviewed
CVE-2023-3489 was published Aug 31, 2023
An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. System... High Unreviewed
CVE-2023-31041 was published Aug 14, 2023
Fujitsu Software Infrastructure Manager (ISM) stores sensitive information at the product's... High Unreviewed
CVE-2023-39379 was published Aug 4, 2023
Assmann Digitus Plug&View IP Camera family allows unauthenticated attackers to download a copy of... High Unreviewed
CVE-2023-30146 was published Aug 4, 2023
Element55 KnowMore appliances version 21 and older was discovered to store passwords in plaintext. High Unreviewed
CVE-2023-39144 was published Aug 3, 2023
TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Cleartext Storage of Sensitive... High Unreviewed
CVE-2023-33742 was published Jul 27, 2023
mRemoteNG configuration files can be stored in an encrypted state on disk. mRemoteNG version <=... High Unreviewed
CVE-2023-30367 was published Jul 26, 2023
Weave GitOps Terraform Controller Information Disclosure Vulnerability High
CVE-2023-34236 was published for github.com/weaveworks/tf-controller (Go) Jul 14, 2023
greenu
An issue found in ALBIS Co. ALBIS v.13.6.1 allows a remote attacker to gain access to sensitive... High Unreviewed
CVE-2023-31821 was published Jul 13, 2023
Cleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214... High Unreviewed
CVE-2023-31408 was published Jul 6, 2023
HashiCorp Boundary Workers Store Rotated Credentials in Plaintext Even When Key Management Service Configured High
CVE-2023-0690 was published for github.com/hashicorp/boundary (Go) Jul 6, 2023
An access control issue in Makves DCAP v3.0.0.122 allows unauthenticated attackers to obtain... High Unreviewed
CVE-2023-27243 was published Jun 21, 2023
Atlas Copco Power Focus 6000 web server does not sanitize the login information stored by the... High Unreviewed
CVE-2023-1897 was published Jun 12, 2023
The Danfoss AK-EM100 stores login credentials in cleartext. High Unreviewed
CVE-2023-22584 was published Jun 11, 2023
Bitwarden Desktop v1.20.0 and above stores the biometric key in plaintext which allows a local... High Unreviewed
CVE-2023-27706 was published Jun 9, 2023
Plaintext storage of a password exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3.... High Unreviewed
CVE-2023-28713 was published Jun 1, 2023
Data written to GitHub Actions Cache may expose secrets High
CVE-2023-30853 was published for gradle/gradle-build-action (GitHub Actions) May 1, 2023
bigdaz
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database