Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,324
Erlang
31
GitHub Actions
21
Go
2,086
Maven
5,000+
npm
3,747
NuGet
674
pip
3,436
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+

166 advisories

Loading
Jenkins Jira Issue Updater Plugin stores credentials in plain text Moderate
CVE-2019-1003054 was published for info.bluefloyd.jenkins:jenkins-jira-issue-updater (Maven) May 13, 2022
Jenkins WebSphere Deployer Plugin stores credentials in plain text Moderate
CVE-2019-1003056 was published for org.jenkins-ci.plugins:websphere-deployer (Maven) May 13, 2022
Dashlane password and Keepass Server password in My Account Settings are not encrypted in the... Moderate Unreviewed
CVE-2022-3781 was published Nov 2, 2022
The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only... Moderate Unreviewed
CVE-2022-26390 was published Sep 10, 2022
usememos/memos missing Secure cookie attribute Moderate
CVE-2022-4683 was published for github.com/usememos/memos (Go) Dec 23, 2022
Cookie without HTTPONLY flag set. NUMBER cookie(s) was set without Secure or HTTPOnly flags. The... Moderate Unreviewed
CVE-2021-27764 was published May 7, 2022
A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 ... Moderate Unreviewed
CVE-2022-24045 was published May 21, 2022
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls... Moderate Unreviewed
CVE-2022-21940 was published Feb 9, 2023
Docker Swarm encrypted overlay network traffic may be unencrypted Moderate
CVE-2023-28841 was published for github.com/docker/docker (Go) Apr 4, 2023
corhere cpuguy83
tianon laurazard akerouanton quadespresso neersighted
A cleartext transmission vulnerability exists in the Remote Management functionality of Netgear... Moderate Unreviewed
CVE-2022-38458 was published Mar 21, 2023
In Last Yard 22.09.8-1, the cookie can be stolen via via unencrypted traffic. Moderate Unreviewed
CVE-2022-47715 was published Feb 1, 2023
In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers therefore... Moderate Unreviewed
CVE-2023-23127 was published Feb 1, 2023
An information disclosure vulnerability exists in the Web Server functionality of Sealevel... Moderate Unreviewed
CVE-2021-21963 was published Feb 9, 2022
Missing encryption of sensitive data vulnerability in 'MIRUPASS' PW10 firmware all versions and ... Moderate Unreviewed
CVE-2022-0183 was published Jan 18, 2022
IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set the secure attribute on... Moderate Unreviewed
CVE-2019-4171 was published May 24, 2022
The VMware Content Locker for iOS prior to 4.14 contains a data protection vulnerability in the... Moderate Unreviewed
CVE-2018-6976 was published May 13, 2022
Plaintext of decrypted emails can leak through by user submitting an embedded form. This... Moderate Unreviewed
CVE-2018-5185 was published May 13, 2022
NetApp SnapCenter Server prior to 4.1 does not set the secure flag for a sensitive cookie in an... Moderate Unreviewed
CVE-2018-5482 was published May 13, 2022
A vulnerability has been identified in SIMATIC WinCC OA Operator iOS App (All versions < V1.4).... Moderate Unreviewed
CVE-2018-4847 was published May 13, 2022
The AirWatch Agent for iOS prior to 5.8.1 contains a data protection vulnerability whereby the... Moderate Unreviewed
CVE-2018-6975 was published May 13, 2022
A Malformed Input String to /cgi-bin/api-get_line_status on Grandstream GXP16xx VoIP 1.0.4.128... Moderate Unreviewed
CVE-2018-17563 was published May 13, 2022
FusionSphere OpenStack with software V100R006C00SPC102(NFV) and V100R006C10 have an information... Moderate Unreviewed
CVE-2017-8168 was published May 13, 2022
In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6... Moderate Unreviewed
CVE-2017-7485 was published May 13, 2022
The Google I/O 2017 application before 5.1.4 for Android downloads multiple .json files from http... Moderate Unreviewed
CVE-2017-9045 was published May 13, 2022
The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption... Moderate Unreviewed
CVE-2017-6297 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database