GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
303 advisories
Insufficiently protected credentials in GE HealthCare EchoPAC products
High | Unreviewed | CVE-2024-27109 was published May 14, 2024

Insecure storage of the ICT MIFARE and DESFire encryption keys in the firmware binary allows...
High | Unreviewed | CVE-2024-29941 was published May 7, 2024

IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to escalate their privileges due...
High | Unreviewed | CVE-2023-37400 was published Apr 19, 2024

Audit records for OpenAPI requests may include sensitive information. This could lead to...
High | Unreviewed | CVE-2023-6916 was published Apr 10, 2024

An insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0...
High | Unreviewed | CVE-2023-41677 was published Apr 9, 2024

HGW BL1500HM Ver 002.001.013 and earlier contains a use of weak credentials issue. A network...
High | Unreviewed | CVE-2024-29071 was published Mar 25, 2024

Siklu TG Terragraph devices before 2.1.1 allow attackers to discover valid, randomly generated...
High | Unreviewed | CVE-2022-47037 was published Mar 18, 2024

CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized...
High | Unreviewed | CVE-2023-27975 was published Feb 14, 2024

Networker 19.9 and all prior versions contain a Plain-text Password stored in temporary config...
High | Unreviewed | CVE-2024-22432 was published Jan 25, 2024

The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords,...
High | Unreviewed | CVE-2023-6421 was published Jan 1, 2024

Exposure of Proxy Administrator Credentials. An authenticated administrator equivalent Filr user...
High | Unreviewed | CVE-2023-32268 was published Dec 6, 2023

A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text...
High | Unreviewed | CVE-2023-6254 was published Nov 27, 2023

RVTools, Version 3.9.2 and above, contain a sensitive data exposure vulnerability in the...
High | Unreviewed | CVE-2023-44303 was published Nov 24, 2023

Incorrect access control in writercms v1.1.0 allows attackers to directly obtain backend account...
High | Unreviewed | CVE-2023-43905 was published Oct 26, 2023

A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers...
High | Unreviewed | CVE-2023-5552 was published Oct 18, 2023

BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to...
High | Unreviewed | CVE-2022-44757 was published Oct 11, 2023

On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig...
High | Unreviewed | CVE-2023-43633 was published Sep 21, 2023

When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are...
High | Unreviewed | CVE-2023-43634 was published Sep 21, 2023

On boot, the Pillar eve container checks for the existence and content of “/config...
High | Unreviewed | CVE-2023-43631 was published Sep 21, 2023

PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was...
High | Unreviewed | CVE-2023-43630 was published Sep 20, 2023

NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient...
High | Unreviewed | CVE-2023-25532 was published Sep 20, 2023

Plaintext Storage of a Password vulnerability in Infodrom Software E-Invoice Approval System...
High | Unreviewed | CVE-2023-35067 was published Jul 25, 2023

An issue found in DERICIA Co. Ltd, DELICIA v.13.6.1 allows a remote attacker to gain access to...
High | Unreviewed | CVE-2023-31824 was published Jul 13, 2023

An issue was discovered in cmseasy v7.0.0 that allows user credentials to be sent in clear text...
High | Unreviewed | CVE-2020-18406 was published Jun 27, 2023

The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password...
High | Unreviewed | CVE-2022-47376 was published Jun 13, 2023