Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,107
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,659
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,018 advisories

Loading
Client Secret stored in plain text by Jenkins GitLab Authentication Plugin Low
CVE-2022-27206 was published for org.jenkins-ci.plugins:gitlab-oauth (Maven) Mar 16, 2022
NotMyFault
Passwords stored in plain text by Jenkins Vmware vRealize CodeStream Plugin Moderate
CVE-2022-27217 was published for com.vmware.vcac:vmware-vrealize-codestream (Maven) Mar 16, 2022
NotMyFault
Personal tokens stored in plain text by Jenkins incapptic connect uploader Plugin Moderate
CVE-2022-27218 was published for com.incapptic.plugins:incapptic-connect-uploader (Maven) Mar 16, 2022
NotMyFault
Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022... Moderate Unreviewed
CVE-2022-24506 was published Mar 10, 2022
A man-in-the-middle attacker can inject false responses to the client's first few queries,... Moderate Unreviewed
CVE-2021-23222 was published Mar 4, 2022
IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that... Moderate Unreviewed
CVE-2022-22321 was published Mar 2, 2022
SangforCSClient.exe in Sangfor VDI Client 5.4.2.1006 allows attackers, when they are able to read... Moderate Unreviewed
CVE-2022-22908 was published Feb 27, 2022
Settings/network settings/wireless settings on the Alecto DVC-215IP camera version 63.1.1.173 and... High Unreviewed
CVE-2022-24610 was published Feb 25, 2022
IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a remote attacker to obtain... Moderate Unreviewed
CVE-2021-39026 was published Feb 19, 2022
Forms generated by JQueryForm.com before 2022-02-05 allows a remote authenticated attacker to... Moderate Unreviewed
CVE-2022-24982 was published Feb 17, 2022
Jenkins Pipeline: Groovy Plugin has Insufficiently Protected Credentials Moderate
CVE-2022-25180 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) Feb 16, 2022
Password parameter default values exposed by Jenkins Pipeline: Build Step Plugin Moderate
CVE-2022-25184 was published for org.jenkins-ci.plugins:pipeline-build-step (Maven) Feb 16, 2022
NotMyFault
Jenkins Support Core Plugin stores sensitive data in plain text Moderate
CVE-2022-25187 was published for org.jenkins-ci.plugins:support-core (Maven) Feb 16, 2022
westonsteimel
containers/image library Insufficiently Protects Credentials Moderate
CVE-2019-10214 was published for github.com/containers/image (Go) Feb 15, 2022
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause Sensitive... High Unreviewed
CVE-2021-22798 was published Feb 12, 2022
containerd v1.2.x can be coerced into leaking credentials during image pull Moderate
CVE-2020-15157 was published for github.com/containerd/containerd (Go) Feb 11, 2022
bgeesaman joshlarsen
IanColdwater mauilion raesene
Insufficiently protected credentials in USB provisioning for Intel(R) AMT SDK before version 16.0... Moderate Unreviewed
CVE-2021-33107 was published Feb 11, 2022
An insufficiently protected credentials vulnerability exists in the Palo Alto Networks... Moderate Unreviewed
CVE-2022-0019 was published Feb 11, 2022
Insufficiently Protected Credentials in Reactor Netty Moderate
CVE-2020-5404 was published for io.projectreactor.netty:reactor-netty-http (Maven) Feb 10, 2022
A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS... High Unreviewed
CVE-2021-40360 was published Feb 10, 2022
Insufficiently Protected Credentials in Apache Superset Moderate
CVE-2021-44451 was published for apache-superset (pip) Feb 2, 2022
Password exposure in ShenYu High
CVE-2022-23223 was published for org.apache.shenyu:shenyu-common (Maven) Jan 28, 2022
tdunlap607
Dell EMC System Update, version 1.9.2 and prior, contain an Unprotected Storage of Credentials... Moderate Unreviewed
CVE-2022-22554 was published Jan 25, 2022
The web application on Agilia Link+ version 3.0 implements authentication and session management... Critical Unreviewed
CVE-2021-23196 was published Jan 22, 2022
An attacker with physical access to the host can extract the secrets from the registry and create... Moderate Unreviewed
CVE-2021-23207 was published Jan 22, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database