GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
20 advisories
Filter by severity
No-IP Dynamic Update Client (DUC) v3.x uses cleartext credentials that may occur on a command...
Critical
Unreviewed
CVE-2024-40457
was published
Sep 12, 2024
The health endpoint is public so everybody can see a list of all services. It is potentially...
Critical
Unreviewed
CVE-2024-9798
was published
Oct 10, 2024
Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp...
Critical
Unreviewed
CVE-2024-8644
was published
Sep 27, 2024
Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM ...
Critical
Unreviewed
CVE-2023-41095
was published
Oct 26, 2023
The decrypted configuration file contains the password in cleartext
which is used to configure...
Critical
Unreviewed
CVE-2024-36497
was published
Jun 24, 2024
An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as...
Critical
Unreviewed
CVE-2023-31069
was published
Sep 11, 2023
Connected IO v2.1.0 and prior keeps passwords and credentials in clear-text format, allowing...
Critical
Unreviewed
CVE-2023-33373
was published
Aug 4, 2023
TronLink Wallet 2.2.0 stores user wallet keystore in plaintext and places them in insecure...
Critical
Unreviewed
CVE-2019-13096
was published
May 24, 2022
Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 version, the exploitation...
Critical
Unreviewed
CVE-2023-2809
was published
Oct 4, 2023
Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could...
Critical
Unreviewed
CVE-2022-3089
was published
Feb 13, 2023
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before...
Critical
Unreviewed
CVE-2018-18641
was published
May 13, 2022
Sensitive Information Stored in Clear Text in Moxa ThingsPro IIoT Gateway and Device Management...
Critical
Unreviewed
CVE-2018-18394
was published
May 13, 2022
In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, the OAuth token used by the...
Critical
Unreviewed
CVE-2017-5250
was published
May 13, 2022
In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android app, the OAuth token used...
Critical
Unreviewed
CVE-2017-5249
was published
May 13, 2022
The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010)...
Critical
Unreviewed
CVE-2019-0285
was published
May 13, 2022
A vulnerability has been identified in QMS Automotive (All versions). User credentials are stored...
Critical
Unreviewed
CVE-2022-43958
was published
Nov 8, 2022
Proxy functionality built into Hubs Cloud’s Reticulum software allowed access to internal URLs,...
Critical
Unreviewed
CVE-2021-29954
was published
May 24, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions.
Critical
Unreviewed
CVE-2020-15332
was published
Sep 30, 2022
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F...
Critical
Unreviewed
CVE-2022-25158
was published
Apr 3, 2022
An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix...
Critical
Unreviewed
CVE-2022-26148
was published
Mar 22, 2022
ProTip!
Advisories are also available from the
GraphQL API