Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

492 advisories

Loading
Sensitive data written to disk unencrypted in Spark High
CVE-2019-10099 was published for org.apache.spark:spark-core_2.11 (Maven) Aug 8, 2019
django-nopassword stores secrets in cleartext High
CVE-2019-10682 was published for django-nopassword (pip) Jun 5, 2020
User passwords are stored in clear text in the Django session Moderate
CVE-2020-15105 was published for django-two-factor-auth (pip) Jul 10, 2020
nickcatal liewegas
benweissmann
Cleartext storage of session identifier High
CVE-2020-26228 was published for typo3/cms (Composer) Nov 23, 2020
liayn bmack
ohader
Apache Airflow logs passwords in plaintext Low
CVE-2020-17511 was published for apache-airflow (pip) Dec 17, 2020
Parse Server stores password in plain text Low
CVE-2020-26288 was published for parse-server (npm) Dec 28, 2020
fastrde depsir
Cleartext storage of session identifier Moderate
CVE-2021-21339 was published for typo3/cms (Composer) Mar 23, 2021
ohader
django-celery-results Stores Sensitive Information In Cleartext High
CVE-2020-17495 was published for django-celery-results (pip) Jun 4, 2021
G-Rath
Unencrypted storage of client side sessions Moderate
CVE-2021-29481 was published for io.ratpack:ratpack-session (Maven) Jul 1, 2021
JLLeitschuh
An issue was discovered in Solar-Log 500 before 2.8.2 Build 52 23.04.2013. In /export.html, email... Moderate Unreviewed
CVE-2021-34544 was published Dec 8, 2021
Instance config inline secret exposure in Grafana Moderate
CVE-2021-41090 was published for github.com/grafana/agent (Go) Dec 8, 2021
Unisys Cargo Mobile Application before 1.2.29 uses cleartext to store sensitive information,... High Unreviewed
CVE-2021-43388 was published Dec 15, 2021
SAP Business One - version 10.0, allows an admin user to view DB password in plain text over the... Moderate Unreviewed
CVE-2021-42066 was published Dec 15, 2021
Plaintext storage of a password vulnerability in IDEC PLCs (FC6A Series MICROSmart All-in-One CPU... High Unreviewed
CVE-2021-20827 was published Dec 25, 2021
A cleartext storage of sensitive information vulnerability in the Zyxel NBG6604 firmware could... Moderate Unreviewed
CVE-2021-35035 was published Dec 30, 2021
Netgear RAX43 version 1.0.3.96 stores sensitive information in plaintext. All usernames and... Moderate Unreviewed
CVE-2021-20171 was published Dec 31, 2021
Trendnet AC2600 TEW-827DRU version 2.08B01 stores credentials in plaintext. Usernames and... Moderate Unreviewed
CVE-2021-20162 was published Dec 31, 2021
A vulnerability in the information storage architecture of several Cisco IP Phone models could... Moderate Unreviewed
CVE-2022-20660 was published Jan 15, 2022
When the Windows Tentacle docker image starts up it logs all the commands that it runs along with... Moderate Unreviewed
CVE-2021-31821 was published Jan 20, 2022
Plaintext Storage of a Password vulnerability in Mitsubishi Electric MC Works64 versions 4.04E ... Moderate Unreviewed
CVE-2022-23129 was published Jan 22, 2022
Charactell - FormStorm Enterprise Account takeover – An attacker can modify (add, remove and... High Unreviewed
CVE-2022-22789 was published Jan 26, 2022
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct... High Unreviewed
CVE-2021-42642 was published Feb 9, 2022
A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS... High Unreviewed
CVE-2021-40363 was published Feb 10, 2022
Jenkins Support Core Plugin stores sensitive data in plain text Moderate
CVE-2022-25187 was published for org.jenkins-ci.plugins:support-core (Maven) Feb 16, 2022
westonsteimel
NVIDIA License System contains a vulnerability in the installation scripts for the DLS virtual... Moderate Unreviewed
CVE-2022-21818 was published Feb 16, 2022
ProTip! Advisories are also available from the GraphQL API