GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,239
Erlang: 31
GitHub Actions: 21
Go: 2,007
Maven: 5,000+
npm: 3,716
NuGet: 662
pip: 3,388
Pub: 11
RubyGems: 885
Rust: 851
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
169 advisories
The Simple Single Sign On WordPress plugin through 4.1.0 leaks its OAuth client_secret, which...
High | Unreviewed | CVE-2022-2083 was published Sep 6, 2022
Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may...
High | Unreviewed | CVE-2022-2485 was published Sep 1, 2022
AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials...
High | Unreviewed | CVE-2022-2005 was published Sep 1, 2022
In FiberHome VDSL2 Modem HG150-Ub_V3.0, Credentials of Admin are submitted in URL, which can be...
High | Unreviewed | CVE-2022-36200 was published Aug 29, 2022
A flaw was found in Foreman project. A credential leak was identified which will expose Azure...
High | Unreviewed | CVE-2021-3590 was published Aug 23, 2022
SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 430, 430, allows an...
High | Unreviewed | CVE-2022-32245 was published Aug 11, 2022
Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They...
High | Unreviewed | CVE-2022-31204 was published Jul 27, 2022
Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller...
High | Unreviewed | CVE-2022-29519 was published Jun 29, 2022
Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are...
High | Unreviewed | CVE-2021-32966 was published May 26, 2022
A cleartext transmission of sensitive information vulnerability exists in the OAS Engine...
High | Unreviewed | CVE-2022-26077 was published May 26, 2022
LaraCMS v1.0.1 transmits sensitive information in cleartext which can be intercepted by attackers.
High | Unreviewed | CVE-2020-20128 was published May 24, 2022
A vulnerability has been identified in Climatix POL909 (AWM module) (All versions < V11.34). The...
High | Unreviewed | CVE-2021-40366 was published May 24, 2022
The Juniper Networks CTPView server is not enforcing HTTP Strict Transport Security (HSTS). HSTS...
High | Unreviewed | CVE-2021-0296 was published May 24, 2022
Authorization bypass through user-controlled key vulnerability in MELSEC iQ-R series Safety CPU...
High | Unreviewed | CVE-2021-20599 was published May 24, 2022
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking...
High | Unreviewed | CVE-2021-22946 was published May 24, 2022
The update process of the Circle Parental Control Service on various NETGEAR routers allows...
High | Unreviewed | CVE-2021-40847 was published May 24, 2022
A Cleartext Transmission of Sensitive Information vulnerability in B. Braun SpaceCom2 prior to...
High | Unreviewed | CVE-2021-33883 was published May 24, 2022
An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext...
High | Unreviewed | CVE-2020-36423 was published May 24, 2022
The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with...
High | Unreviewed | CVE-2021-32612 was published May 24, 2022
Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x before...
High | Unreviewed | CVE-2021-23018 was published May 24, 2022
Cleartext transmission of sensitive information via Moxa Service in NPort IA5000A series serial...
High | Unreviewed | CVE-2020-27185 was published May 24, 2022
In Fibaro Home Center 2 and Lite devices in all versions provide a web based management interface...
High | Unreviewed | CVE-2021-20992 was published May 24, 2022
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected...
High | Unreviewed | CVE-2021-27251 was published May 24, 2022
Cleartext transmission of sensitive information in Netop Vision Pro up to and including 9.7.1...
High | Unreviewed | CVE-2021-27194 was published May 24, 2022
Advantech Spectre RT ERT351 Versions 5.1.3 and prior logins and passwords are transmitted in...
High | Unreviewed | CVE-2019-18231 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.