Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,360
Erlang
33
GitHub Actions
22
Go
2,127
Maven
5,000+
npm
3,793
NuGet
683
pip
3,471
Pub
12
RubyGems
894
Rust
894
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,090 advisories

Loading
IBM DataStage on Cloud Pak for Data 4.0.6 to 4.5.2 stores sensitive credential information that... Moderate Unreviewed
CVE-2022-38714 was published Feb 12, 2024
IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which... Moderate Unreviewed
CVE-2024-22312 was published Feb 10, 2024
Apache Solr can leak certain passwords due to System Property redaction logic inconsistencies High
CVE-2023-50291 was published for org.apache.solr:solr-core (Maven) Feb 9, 2024
Allegro AI ClearML Stores Credentials in Plaintext in MongoDB Instance Moderate
CVE-2024-24595 was published for clearml (pip) Feb 6, 2024
m3t3kh4n
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product stores... Moderate Unreviewed
CVE-2024-21869 was published Feb 2, 2024
Apache Kylin has Insufficiently Protected Credentials High
CVE-2023-29055 was published for org.apache.kylin:kylin-core-common (Maven) Jan 29, 2024
Networker 19.9 and all prior versions contains a Plain-text Password stored in temporary config... High Unreviewed
CVE-2024-22432 was published Jan 25, 2024
HPE OneView may have a missing passphrase during restore. Moderate Unreviewed
CVE-2023-6573 was published Jan 23, 2024
Missing Password Field Masking vulnerability in Hitachi Device Manager on Windows, Linux (Device... Moderate Unreviewed
CVE-2023-49106 was published Jan 16, 2024
A default engineer password set on the Hozard alarm system (Alarmsysteem) v1.0 allows an attacker... Moderate Unreviewed
CVE-2023-50125 was published Jan 11, 2024
An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to... Moderate Unreviewed
CVE-2023-29447 was published Jan 10, 2024
The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords,... High Unreviewed
CVE-2023-6421 was published Jan 1, 2024
In Network Element Manager in NOKIA NFM-T R19.9, an Unprotected Storage of Credentials... Moderate Unreviewed
CVE-2022-39820 was published Dec 25, 2023
IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text... Moderate Unreviewed
CVE-2023-47741 was published Dec 18, 2023
A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an... Moderate Unreviewed
CVE-2023-6791 was published Dec 13, 2023
Password stored in a recoverable format by Jenkins OpenId Connect Authentication Plugin Moderate
CVE-2023-50770 was published for org.jenkins-ci.plugins:oic-auth (Maven) Dec 13, 2023
westonsteimel
IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be... Moderate Unreviewed
CVE-2023-47722 was published Dec 9, 2023
Exposure of Proxy Administrator Credentials An authenticated administrator equivalent Filr user... High Unreviewed
CVE-2023-32268 was published Dec 6, 2023
Data leak of password hash through change requests High
CVE-2023-49280 was published for org.xwiki.contrib.changerequest:application-changerequest-default (Maven) Dec 5, 2023
michitux
An Insecure Credential Management issue discovered in Connectize AC21000 G6 641.139.1.1256 allows... Moderate Unreviewed
CVE-2023-24047 was published Dec 5, 2023
Dell DM5500 5.14.0.0, contain a Plain-text Password Storage Vulnerability in PPOE. A local... Moderate Unreviewed
CVE-2023-44300 was published Dec 4, 2023
Jenkins Jira Plugin vulnerable to exposure of system-scoped credentials Moderate
CVE-2023-49653 was published for org.jenkins-ci.plugins:jira (Maven) Nov 29, 2023
A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text... High Unreviewed
CVE-2023-6254 was published Nov 27, 2023
RVTools, Version 3.9.2 and above, contain a sensitive data exposure vulnerability in the... High Unreviewed
CVE-2023-44303 was published Nov 24, 2023
An exposure of sensitive information to an unauthorized actor [CWE-200] in FortiSIEM version 7.0... Moderate Unreviewed
CVE-2023-41676 was published Nov 14, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database