GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,035
Maven
5,000+
npm
3,732
NuGet
662
pip
3,413
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
138 advisories
Filter by severity
Dell VxVerify, versions prior to x.40.405, contain a Plain-text Password Storage Vulnerability in...
High
Unreviewed
CVE-2024-53292
was published
Dec 11, 2024
Certain models of routers from Billion Electric has a Plaintext Storage of a Password...
High
Unreviewed
CVE-2024-11982
was published
Nov 29, 2024
When exporting media types, the password is exported in the YAML in plain text. This appears to...
Low
Unreviewed
CVE-2024-36464
was published
Nov 27, 2024
User passwords are decrypted and stored on memory before any user logged in. Those decrypted...
Moderate
Unreviewed
CVE-2024-29978
was published
Nov 26, 2024
IBM Workload Scheduler 9.5, 10.1, and 10.2 stores user credentials in plain text which can be...
Moderate
Unreviewed
CVE-2024-49351
was published
Nov 26, 2024
Smart-tab Android app installed April 2023 or earlier contains an issue with plaintext storage of...
Low
Unreviewed
CVE-2024-42496
was published
Sep 30, 2024
IBM Cognos Command Center 10.2.4.1 and 10.2.5 could disclose highly sensitive user information to...
Moderate
Unreviewed
CVE-2024-31899
was published
Sep 26, 2024
Victure PC420 1.1.39 was discovered to contain a hardcoded root password which is stored in...
High
Unreviewed
CVE-2023-41610
was published
Sep 18, 2024
Plaintext Storage of a Password vulnerability in Eliz Software Panel allows : Use of Known Domain...
Critical
Unreviewed
CVE-2024-5960
was published
Sep 18, 2024
A vulnerability in the storage method of the PON Controller configuration file could allow an...
High
Unreviewed
CVE-2024-20489
was published
Sep 11, 2024
An issue in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physically proximate attacker to...
High
Unreviewed
CVE-2024-44815
was published
Sep 10, 2024
SAP NetWeaver AS for Java allows an authorized attacker to obtain sensitive information. The...
Moderate
Unreviewed
CVE-2024-45283
was published
Sep 10, 2024
A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO!...
Moderate
Unreviewed
CVE-2024-39922
was published
Aug 13, 2024
The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords...
High
Unreviewed
CVE-2024-36460
was published
Aug 12, 2024
A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub...
Critical
Unreviewed
CVE-2024-6118
was published
Aug 5, 2024
DM5500 5.16.0.0, contains an information disclosure vulnerability. A local attacker with high...
Low
Unreviewed
CVE-2024-37135
was published
Jul 31, 2024
A “CWE-256: Plaintext Storage of a Password” affecting the administrative account allows an...
Moderate
Unreviewed
CVE-2024-3082
was published
Jul 31, 2024
An issue in Solar-Log 1000 before v2.8.2 and build 52-23.04.2013 was discovered to store...
Unknown
Unreviewed
CVE-2024-40116
was published
Jul 26, 2024
Zowe CLI allows storage of previously entered secure credentials in a plaintext file
Moderate
CVE-2024-6833
was published
for
@zowe/cli
(npm)
Jul 17, 2024
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain...
Moderate
Unreviewed
CVE-2024-39733
was published
Jul 14, 2024
BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, AV-02D, AV-02IDE, AV-02IDR...
Moderate
Unreviewed
CVE-2024-39220
was published
Jul 3, 2024
Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec
High
CVE-2024-22032
was published
for
github.com/rancher/rancher
(Go)
Jun 17, 2024
LB-LINK BL-W1210M v2.0 was discovered to store user credentials in plaintext within the router's...
Critical
Unreviewed
CVE-2024-33375
was published
Jun 14, 2024
Coredump binaries in Toshiba printers have incorrect permissions. A local attacker can steal...
High
Unreviewed
CVE-2024-27166
was published
Jun 14, 2024
IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by...
Moderate
Unreviewed
CVE-2024-25052
was published
Jun 13, 2024
ProTip!
Advisories are also available from the
GraphQL API