Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,343
Erlang
31
GitHub Actions
22
Go
2,107
Maven
5,000+
npm
3,764
NuGet
679
pip
3,452
Pub
12
RubyGems
892
Rust
886
Swift
37
Unreviewed advisories
All unreviewed
5,000+

159 advisories

Loading
SiCKRAGE Discloses Plaintext Credentials Critical
CVE-2018-9160 was published for sickrage (pip) May 13, 2022
Account takeover in facturascripts Critical
CVE-2022-1715 was published for facturascripts/facturascripts (Composer) May 14, 2022
CloudBees Jenkins Operations Center 2.150.2.3, when an expired trial license exists, allows... Critical Unreviewed
CVE-2019-11350 was published May 24, 2022
In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in... Critical Unreviewed
CVE-2019-11402 was published May 24, 2022
LemonLDAP::NG -2.0.3 has Incorrect Access Control. Critical Unreviewed
CVE-2019-12046 was published May 24, 2022
A security regression of CVE-2019-9636 was discovered in python since commit... Critical Unreviewed
CVE-2019-10160 was published May 24, 2022
Dynacolor FCM-MB40 v1.2.0.0 use /etc/appWeb/appweb.pass to store administrative web-interface... Critical Unreviewed
CVE-2019-13400 was published May 24, 2022
The HTTP client in the Build tool in Gradle before 5.6 sends authentication credentials... Critical Unreviewed
CVE-2019-15052 was published May 24, 2022
A Credentials Management CWE-255 vulnerability exists in the APC UPS Network Management Card 2... Critical Unreviewed
CVE-2018-7820 was published May 24, 2022
ONTAP Select Deploy administration utility versions 2.2 through 2.12.1 transmit credentials in... Critical Unreviewed
CVE-2019-5505 was published May 24, 2022
The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP ... Critical Unreviewed
CVE-2019-17393 was published May 24, 2022
An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU... Critical Unreviewed
CVE-2019-14929 was published May 24, 2022
All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have encryption problems... Critical Unreviewed
CVE-2019-3431 was published May 24, 2022
Mida eFramework through 2.9.0 has a back door that permits a change of the administrative... Critical Unreviewed
CVE-2020-15921 was published May 24, 2022
In cPanel before 88.0.3, insecure RNDC credentials are used for BIND on a templated VM (SEC-549). Critical Unreviewed
CVE-2020-26101 was published May 24, 2022
In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554). Critical Unreviewed
CVE-2020-26105 was published May 24, 2022
The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve... Critical Unreviewed
CVE-2020-26508 was published May 24, 2022
Airleader Master <= 6.21 devices have default credentials that can be used to access the exposed... Critical Unreviewed
CVE-2020-26510 was published May 24, 2022
** UNSUPPORTED WHEN ASSIGNED ** The firmware of the PLANET Technology Corp NVR-915 and NVR-1615... Critical Unreviewed
CVE-2020-26097 was published May 24, 2022
Use of default credentials for the telnet server in BASETech GE-131 BT-1837836 firmware 20180921... Critical Unreviewed
CVE-2020-27555 was published May 24, 2022
An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P,... Critical Unreviewed
CVE-2020-29054 was published May 24, 2022
An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P,... Critical Unreviewed
CVE-2020-29058 was published May 24, 2022
GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during... Critical Unreviewed
CVE-2020-25175 was published May 24, 2022
Unrestricted access to the log downloader functionality in EPSON EPS TSE Server 8 (21.0.11)... Critical Unreviewed
CVE-2020-28929 was published May 24, 2022
A sensitive information disclosure vulnerability in Kyland KPS2204 6 Port Managed Din-Rail... Critical Unreviewed
CVE-2020-25011 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database