GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
492 advisories
Filter by severity
Tokens stored in plain text by PaaSLane Estimate Plugin
Moderate
CVE-2023-50777
was published
for
com.cloudtp.jenkins:paaslane-estimate
(Maven)
Dec 13, 2023
Password stored in a recoverable format by Jenkins OpenId Connect Authentication Plugin
Moderate
CVE-2023-50770
was published
for
org.jenkins-ci.plugins:oic-auth
(Maven)
Dec 13, 2023
Tokens stored in plain text by Dingding JSON Pusher Plugin
Moderate
CVE-2023-50772
was published
for
com.zintow:dingding-json-pusher
(Maven)
Dec 13, 2023
Displayed in plain text by Dingding JSON Pusher Plugin
Moderate
CVE-2023-50773
was published
for
com.zintow:dingding-json-pusher
(Maven)
Dec 13, 2023
A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (All versions < V19). An...
Moderate
Unreviewed
CVE-2022-46141
was published
Dec 12, 2023
lakeFS logs S3 credentials in plain text
High
GHSA-4rgc-5g6r-2rjf
was published
for
github.com/treeverse/lakefs
(Go)
Dec 12, 2023
A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28...
Moderate
Unreviewed
CVE-2023-40238
was published
Dec 7, 2023
LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4 are vulnerable to...
High
Unreviewed
CVE-2023-46386
was published
Dec 1, 2023
LOYTEC electronics GmbH LINX-212 6.2.4 and LINX-151 7.2.4 are vulnerable to Insecure Permissions...
High
Unreviewed
CVE-2023-46388
was published
Dec 1, 2023
LOYTEC electronics GmbH LINX Configurator 7.4.10 is vulnerable to Insecure Permissions. Cleartext...
High
Unreviewed
CVE-2023-46384
was published
Dec 1, 2023
Cleartext Storage of Sensitive Information in HMAC SHA256 Authentication
Moderate
CVE-2023-48707
was published
for
codeigniter4/shield
(Composer)
Nov 23, 2023
Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to Login Credential...
Moderate
Unreviewed
CVE-2023-47312
was published
Nov 22, 2023
Zentao Biz version 8.7 and before is vulnerable to Information Disclosure.
High
Unreviewed
CVE-2023-46376
was published
Oct 27, 2023
Jenkins lambdatest-automation Plugin may expose Credentials access token
Low
CVE-2023-46653
was published
for
org.jenkins-ci.plugins:lambdatest-automation
(Maven)
Oct 25, 2023
Nautobot vulnerable to exposure of hashed user passwords via REST API
High
CVE-2023-46128
was published
for
nautobot
(pip)
Oct 24, 2023
An issue in ZPE Systems, Inc Nodegrid OS v.5.8.10 thru v.5.8.13 and v.5.10.3 thru v.5.10.5 allows...
High
Unreviewed
CVE-2023-44037
was published
Oct 14, 2023
The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB)...
Moderate
Unreviewed
CVE-2023-41964
was published
Oct 10, 2023
Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 version, the exploitation...
Critical
Unreviewed
CVE-2023-2809
was published
Oct 4, 2023
A flaw was found in Red Hat's AMQ Broker, which stores certain passwords in a secret security...
Moderate
Unreviewed
CVE-2023-4066
was published
Sep 27, 2023
Sensitive information disclosure due to cleartext storage of sensitive information in memory. The...
Low
Unreviewed
CVE-2023-44153
was published
Sep 27, 2023
Sensitive information disclosure due to cleartext storage of sensitive information. The following...
Moderate
Unreviewed
CVE-2023-44159
was published
Sep 27, 2023
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.5.0.0 and 9.3.0.4,...
Moderate
Unreviewed
CVE-2023-2358
was published
Sep 27, 2023
matrix-synapse vulnerable to temporary storage of plaintext passwords during password changes
Low
CVE-2023-41335
was published
for
matrix-synapse
(pip)
Sep 26, 2023
A cleartext storage of sensitive information vulnerability [CWE-312] in FortiTester 2.3.0 through...
Moderate
Unreviewed
CVE-2023-40715
was published
Sep 13, 2023
A password management vulnerability in Skyhigh Secure Web Gateway (SWG) in main releases 11.x...
Moderate
Unreviewed
CVE-2023-4400
was published
Sep 13, 2023
ProTip!
Advisories are also available from the
GraphQL API