Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

139 advisories

Loading
A saved encryption key in the Uninstaller in Digital Guardian's Agent before version 7.9.4 allows... Moderate Unreviewed
CVE-2023-6253 was published Nov 22, 2023
Certain NetModule devices have Insecure Password Handling (cleartext or reversible encryption),... High Unreviewed
CVE-2021-39289 was published May 24, 2022
RosarioSIS Stores Sensitive Data in a Mechanism without Access Control High
CVE-2023-2665 was published for francoisjacquet/rosariosis (Composer) May 19, 2023
The SyncThru Web Service on Samsung SCX-6x55X printers allows an attacker to gain access to a... High Unreviewed
CVE-2021-42913 was published Dec 21, 2021
Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise)... Critical Unreviewed
CVE-2023-0580 was published Apr 6, 2023
Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view... High Unreviewed
CVE-2021-36546 was published Feb 3, 2023
Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1. Moderate Unreviewed
CVE-2022-0881 was published Mar 10, 2022
Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the... Moderate Unreviewed
CVE-2022-41320 was published Sep 25, 2022
Insecure Storage of Sensitive Information in Microweber High
CVE-2022-0724 was published for microweber/microweber (Composer) Feb 24, 2022
In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be... High Unreviewed
CVE-2022-25264 was published Feb 26, 2022
A insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control ... Moderate Unreviewed
CVE-2022-21823 was published Jan 11, 2022
An issue existed in the storage of sensitive tokens. This issue was addressed by placing the... Moderate Unreviewed
CVE-2017-13909 was published Dec 24, 2021
Torguard VPN 4.8, has a vulnerability that allows an attacker to dump sensitive information, such... High Unreviewed
CVE-2022-37835 was published Sep 13, 2022
Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Use the default low... High Unreviewed
CVE-2017-7253 was published May 13, 2022
USB Pratirodh is prone to sensitive information disclosure. It stores sensitive information such... Moderate Unreviewed
CVE-2017-6911 was published May 13, 2022
SanDisk Secure Access 3.01 vault decrypts and copies encrypted files to a temporary folder, where... Moderate Unreviewed
CVE-2017-16560 was published May 13, 2022
An information disclosure vulnerability in File-Based Encryption could enable a local malicious... Moderate Unreviewed
CVE-2017-0493 was published May 13, 2022
Insecure storage of sensitive information vulnerability in Smart Capture prior to version 4.8.02... Low Unreviewed
CVE-2021-25522 was published Dec 9, 2021
Insecure storage of device information in Samsung Dialer prior to version 12.7.05.24 allows... Low Unreviewed
CVE-2021-25523 was published Dec 9, 2021
Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to... Low Unreviewed
CVE-2021-25524 was published Dec 9, 2021
Improper use of cryptographic key in wal-g High
CVE-2021-38599 was published for github.com/wal-g/wal-g (Go) Sep 2, 2021
Sensitive Data Exposure in miniorange_saml High
CVE-2021-36786 was published for miniorange/miniorange-saml (Composer) Sep 1, 2021
Authentication bypass in Apache Kylin Moderate
CVE-2020-13937 was published for org.apache.kylin:kylin (Maven) Feb 10, 2022
Remote code execution in Apache Tapestry Critical
CVE-2021-27850 was published for org.apache.tapestry:tapestry-core (Maven) Jun 16, 2021
IBM Security Directory Server 6.4.0 discloses sensitive information to unauthorized users. The... Moderate Unreviewed
CVE-2019-4549 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database