GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
300 advisories
Filter by severity
User passwords are stored in clear text in the Django session
Moderate
CVE-2020-15105
was published
for
django-two-factor-auth
(pip)
Jul 10, 2020
Cleartext storage of session identifier
Moderate
CVE-2021-21339
was published
for
typo3/cms
(Composer)
Mar 23, 2021
Unencrypted storage of client side sessions
Moderate
CVE-2021-29481
was published
for
io.ratpack:ratpack-session
(Maven)
Jul 1, 2021
An issue was discovered in Solar-Log 500 before 2.8.2 Build 52 23.04.2013. In /export.html, email...
Moderate
Unreviewed
CVE-2021-34544
was published
Dec 8, 2021
Instance config inline secret exposure in Grafana
Moderate
CVE-2021-41090
was published
for
github.com/grafana/agent
(Go)
Dec 8, 2021
SAP Business One - version 10.0, allows an admin user to view DB password in plain text over the...
Moderate
Unreviewed
CVE-2021-42066
was published
Dec 15, 2021
A cleartext storage of sensitive information vulnerability in the Zyxel NBG6604 firmware could...
Moderate
Unreviewed
CVE-2021-35035
was published
Dec 30, 2021
Netgear RAX43 version 1.0.3.96 stores sensitive information in plaintext. All usernames and...
Moderate
Unreviewed
CVE-2021-20171
was published
Dec 31, 2021
Trendnet AC2600 TEW-827DRU version 2.08B01 stores credentials in plaintext. Usernames and...
Moderate
Unreviewed
CVE-2021-20162
was published
Dec 31, 2021
A vulnerability in the information storage architecture of several Cisco IP Phone models could...
Moderate
Unreviewed
CVE-2022-20660
was published
Jan 15, 2022
When the Windows Tentacle docker image starts up it logs all the commands that it runs along with...
Moderate
Unreviewed
CVE-2021-31821
was published
Jan 20, 2022
Plaintext Storage of a Password vulnerability in Mitsubishi Electric MC Works64 versions 4.04E ...
Moderate
Unreviewed
CVE-2022-23129
was published
Jan 22, 2022
Jenkins Support Core Plugin stores sensitive data in plain text
Moderate
CVE-2022-25187
was published
for
org.jenkins-ci.plugins:support-core
(Maven)
Feb 16, 2022
NVIDIA License System contains a vulnerability in the installation scripts for the DLS virtual...
Moderate
Unreviewed
CVE-2022-21818
was published
Feb 16, 2022
Due to usernames/passwords being stored in plaintext in Random Access Memory (RAM), a local,...
Moderate
Unreviewed
CVE-2020-14480
was published
Feb 25, 2022
A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could...
Moderate
Unreviewed
CVE-2021-35036
was published
Mar 2, 2022
Dell EMC Enterprise Storage Analytics for vRealize Operations, versions 4.0.1 to 6.2.1, contain a...
Moderate
Unreviewed
CVE-2021-43590
was published
Mar 5, 2022
Veritas System Recovery (VSR) 18 and 21 stores a network destination password in the Windows...
Moderate
Unreviewed
CVE-2022-26778
was published
Mar 11, 2022
SnapCenter versions prior to 4.5 are susceptible to a vulnerability which could allow a local...
Moderate
Unreviewed
CVE-2022-23234
was published
Mar 17, 2022
3CX System through 2022-03-17 stores cleartext passwords in a database.
Moderate
Unreviewed
CVE-2021-45491
was published
Mar 29, 2022
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F...
Moderate
Unreviewed
CVE-2022-25160
was published
Apr 3, 2022
AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to...
Moderate
Unreviewed
CVE-2022-0835
was published
Apr 12, 2022
IBM Security Guardium 10.5 stores user credentials in plain clear text which can be read by a...
Moderate
Unreviewed
CVE-2021-39078
was published
Apr 20, 2022
qtnx 0.9 stores non-custom SSH keys in a world-readable configuration file. If a user has a world...
Moderate
Unreviewed
CVE-2011-2916
was published
Apr 22, 2022
The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1,...
Moderate
Unreviewed
CVE-2004-2397
was published
Apr 29, 2022
ProTip!
Advisories are also available from the
GraphQL API