GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
149 advisories
The "Photo,Video Locker-Calculator" application 12.0 for Android has android:allowBackup="true"...
High · Unreviewed · CVE-2017-16835 was published May 13, 2022
Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows...
High · Unreviewed · CVE-2017-13663 was published May 13, 2022
IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user credentials in plain in...
High · Unreviewed · CVE-2017-1309 was published May 13, 2022
A Cleartext Storage of Sensitive Information issue was discovered in General Motors (GM) and...
High · Unreviewed · CVE-2017-9663 was published May 13, 2022
A vulnerability in the Policy and Charging Rules Function (PCRF) of the Cisco Policy Suite (CPS)...
High · Unreviewed · CVE-2018-0089 was published May 13, 2022
389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive...
High · Unreviewed · CVE-2018-10871 was published May 13, 2022
IBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive...
High · Unreviewed · CVE-2018-1877 was published May 13, 2022
The Milwaukee ONE-KEY Android mobile application stores the master token in plaintext in the apk...
High · Unreviewed · CVE-2017-3214 was published May 13, 2022
Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which...
High · Unreviewed · CVE-2018-12572 was published May 13, 2022
Pilz PNOZmulti Configurator prior to version 10.9 allows an authenticated attacker with local...
High · Unreviewed · CVE-2018-19009 was published May 13, 2022
Amazon AWS SDK <=2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS...
High · Unreviewed · CVE-2018-19981 was published May 13, 2022
Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to discover cleartext...
High · Unreviewed · CVE-2016-0876 was published May 13, 2022
During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions...
High · Unreviewed · CVE-2022-28214 was published May 12, 2022
D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file,...
High · Unreviewed · CVE-2005-1828 was published May 1, 2022
Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file,...
High · Unreviewed · CVE-2001-1481 was published Apr 30, 2022
VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account's password locally on the device and...
High · Unreviewed · CVE-2021-36460 was published Apr 26, 2022
There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions...
High · Unreviewed · CVE-2009-5068 was published Apr 21, 2022
Insecure password storage issue. The application stores sensitive information in cleartext...
High · Unreviewed · CVE-2021-27757 was published Mar 5, 2022
A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores...
High · Unreviewed · CVE-2021-3551 was published Feb 17, 2022
A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS...
High · Unreviewed · CVE-2021-40363 was published Feb 10, 2022
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct...
High · Unreviewed · CVE-2021-42642 was published Feb 9, 2022
Charactell - FormStorm Enterprise Account takeover – An attacker can modify (add, remove and...
High · Unreviewed · CVE-2022-22789 was published Jan 26, 2022
Plaintext storage of a password vulnerability in IDEC PLCs (FC6A Series MICROSmart All-in-One CPU...
High · Unreviewed · CVE-2021-20827 was published Dec 25, 2021
Unisys Cargo Mobile Application before 1.2.29 uses cleartext to store sensitive information,...
High · Unreviewed · CVE-2021-43388 was published Dec 15, 2021