GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
364 advisories
An issue was discovered on Swisscom Internet Box 2, Internet Box Standard, Internet Box Plus...
High | Unreviewed | CVE-2020-16134 was published on May 24, 2022
An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is Zolo Halo LAN...
High | Unreviewed | CVE-2019-15311 was published on May 24, 2022
An issue was discovered in Mattermost Server before 5.8.0. It mishandles brute-force attacks...
High | Unreviewed | CVE-2019-20881 was published on May 24, 2022
A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3...
High | Unreviewed | CVE-2022-41575 was published on Oct 21, 2022
Bond JetSelect (all versions) has an issue in the Java class (ENCtool.jar) and corresponding...
High | Unreviewed | CVE-2019-13022 was published on May 24, 2022
Some Dahua software products have a vulnerability of unauthenticated request of MQTT credentials....
High | Unreviewed | CVE-2022-45423 was published on Dec 27, 2022
Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two users that are not documented...
High | Unreviewed | CVE-2020-9023 was published on May 24, 2022
Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102...
High | Unreviewed | CVE-2019-19843 was published on May 24, 2022
The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to...
High | Unreviewed | CVE-2019-18572 was published on May 24, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated update_all_realm_license API.
High | Unreviewed | CVE-2020-15341 was published on Sep 30, 2022
Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable...
High | Unreviewed | CVE-2019-10210 was published on May 24, 2022
VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j)...
High | Unreviewed | CVE-2019-5532 was published on May 24, 2022
VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j)...
High | Unreviewed | CVE-2019-5534 was published on May 24, 2022
Exposure of repository credentials to external third-party sources in Rancher
High | CVE-2021-36778 was published for github.com/rancher/rancher (Go) on May 2, 2022
A vulnerability has been identified in LOGO!8 BM (All versions). Unencrypted storage of passwords...
High | Unreviewed | CVE-2019-10921 was published on May 24, 2022
Mobotix Control Center (MxCC) through 2.5.4.5 has Insufficiently Protected Credentials, Storing...
High | Unreviewed | CVE-2022-30018 was published on May 20, 2022
Insufficiently protected credentials in software in Intel(R) AMT SDK before version 16.0.4.1,...
High | Unreviewed | CVE-2022-26341 was published on Nov 11, 2022
Apache Dolphin Scheduler has insufficiently protected credentials
High | CVE-2022-26885 was published for org.apache.dolphinscheduler:dolphinscheduler-common (Maven) on Nov 24, 2022
Information disclosure: The main configuration, including users and their hashed passwords, is...
High | Unreviewed | CVE-2021-23858 was published on May 24, 2022
The NGINX Controller 2.0.0 thru 2.9.0 and 3.x before 3.15.0 Administrator password may be exposed...
High | Unreviewed | CVE-2021-23019 was published on May 24, 2022
Incorrect implementation of lockout feature in Keycloak
High | CVE-2021-3513 was published for org.keycloak:keycloak-parent (Maven) on Aug 23, 2022
Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who...
High | Unreviewed | CVE-2022-34838 was published on Aug 25, 2022
Insufficiently Protected Credentials and Improper Authentication in Spring Security
High | CVE-2019-11272 was published for org.springframework.security:spring-security-cas (Maven) on Jun 27, 2019
homee Brain Cube v2 (2.28.2 and 2.28.4) devices have sensitive SSH keys within downloadable and...
High | Unreviewed | CVE-2020-24396 was published on May 24, 2022
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an...
High | Unreviewed | CVE-2020-8259 was published on May 24, 2022
ProTip! Advisories are also available from the GraphQL API.