GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,107
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,659
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,018 advisories
Filter by severity
Client Secret stored in plain text by Jenkins GitLab Authentication Plugin
Low
CVE-2022-27206
was published
for
org.jenkins-ci.plugins:gitlab-oauth
(Maven)
Mar 16, 2022
Passwords stored in plain text by Jenkins Vmware vRealize CodeStream Plugin
Moderate
CVE-2022-27217
was published
for
com.vmware.vcac:vmware-vrealize-codestream
(Maven)
Mar 16, 2022
Personal tokens stored in plain text by Jenkins incapptic connect uploader Plugin
Moderate
CVE-2022-27218
was published
for
com.incapptic.plugins:incapptic-connect-uploader
(Maven)
Mar 16, 2022
Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022...
Moderate
Unreviewed
CVE-2022-24506
was published
Mar 10, 2022
A man-in-the-middle attacker can inject false responses to the client's first few queries,...
Moderate
Unreviewed
CVE-2021-23222
was published
Mar 4, 2022
IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that...
Moderate
Unreviewed
CVE-2022-22321
was published
Mar 2, 2022
SangforCSClient.exe in Sangfor VDI Client 5.4.2.1006 allows attackers, when they are able to read...
Moderate
Unreviewed
CVE-2022-22908
was published
Feb 27, 2022
Settings/network settings/wireless settings on the Alecto DVC-215IP camera version 63.1.1.173 and...
High
Unreviewed
CVE-2022-24610
was published
Feb 25, 2022
IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a remote attacker to obtain...
Moderate
Unreviewed
CVE-2021-39026
was published
Feb 19, 2022
Forms generated by JQueryForm.com before 2022-02-05 allows a remote authenticated attacker to...
Moderate
Unreviewed
CVE-2022-24982
was published
Feb 17, 2022
Jenkins Pipeline: Groovy Plugin has Insufficiently Protected Credentials
Moderate
CVE-2022-25180
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
Feb 16, 2022
Password parameter default values exposed by Jenkins Pipeline: Build Step Plugin
Moderate
CVE-2022-25184
was published
for
org.jenkins-ci.plugins:pipeline-build-step
(Maven)
Feb 16, 2022
Jenkins Support Core Plugin stores sensitive data in plain text
Moderate
CVE-2022-25187
was published
for
org.jenkins-ci.plugins:support-core
(Maven)
Feb 16, 2022
containers/image library Insufficiently Protects Credentials
Moderate
CVE-2019-10214
was published
for
github.com/containers/image
(Go)
Feb 15, 2022
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause Sensitive...
High
Unreviewed
CVE-2021-22798
was published
Feb 12, 2022
containerd v1.2.x can be coerced into leaking credentials during image pull
Moderate
CVE-2020-15157
was published
for
github.com/containerd/containerd
(Go)
Feb 11, 2022
Insufficiently protected credentials in USB provisioning for Intel(R) AMT SDK before version 16.0...
Moderate
Unreviewed
CVE-2021-33107
was published
Feb 11, 2022
An insufficiently protected credentials vulnerability exists in the Palo Alto Networks...
Moderate
Unreviewed
CVE-2022-0019
was published
Feb 11, 2022
Insufficiently Protected Credentials in Reactor Netty
Moderate
CVE-2020-5404
was published
for
io.projectreactor.netty:reactor-netty-http
(Maven)
Feb 10, 2022
A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS...
High
Unreviewed
CVE-2021-40360
was published
Feb 10, 2022
Insufficiently Protected Credentials in Apache Superset
Moderate
CVE-2021-44451
was published
for
apache-superset
(pip)
Feb 2, 2022
Password exposure in ShenYu
High
CVE-2022-23223
was published
for
org.apache.shenyu:shenyu-common
(Maven)
Jan 28, 2022
Dell EMC System Update, version 1.9.2 and prior, contain an Unprotected Storage of Credentials...
Moderate
Unreviewed
CVE-2022-22554
was published
Jan 25, 2022
The web application on Agilia Link+ version 3.0 implements authentication and session management...
Critical
Unreviewed
CVE-2021-23196
was published
Jan 22, 2022
An attacker with physical access to the host can extract the secrets from the registry and create...
Moderate
Unreviewed
CVE-2021-23207
was published
Jan 22, 2022
ProTip!
Advisories are also available from the
GraphQL API