Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,035
Maven
5,000+
npm
3,732
NuGet
662
pip
3,413
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+

310 advisories

Loading
Oxide before 6 has unencrypted Control Plane datastores. Moderate Unreviewed
CVE-2024-55582 was published Dec 9, 2024
IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in... Moderate Unreviewed
CVE-2024-35117 was published Dec 11, 2024
Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This... Moderate Unreviewed
CVE-2024-11159 was published Nov 13, 2024
This vulnerability exists in the TP-Link Archer C50 due to presence of terminal access on a... Moderate Unreviewed
CVE-2024-54127 was published Dec 5, 2024
This vulnerability exists in the Tinxy mobile app due to storage of logged-in user information in... Moderate Unreviewed
CVE-2024-12094 was published Dec 5, 2024
Python package "zhmcclient" stores passwords in clear text in its HMC and API logs Moderate
CVE-2024-53865 was published for zhmcclient (pip) Dec 2, 2024
andy-maier
User passwords are decrypted and stored on memory before any user logged in. Those decrypted... Moderate Unreviewed
CVE-2024-29146 was published Nov 26, 2024
An issue in Annonshop.app DecentralizeJustice/anonymousLocker commit 2b2b4 to ba9fd and... Moderate Unreviewed
CVE-2024-36589 was published Jun 13, 2024
An flaw was found in the OpenStack Platform (RHOSP) director, a toolset for installing and... Moderate Unreviewed
CVE-2024-4840 was published May 14, 2024
Linksys Velop Pro 6E 1.0.8 MX6200_1.0.8.215731 and 7 1.0.10.215314 devices send cleartext Wi-Fi... Moderate Unreviewed
CVE-2024-40750 was published Jul 9, 2024
Cleartext storage of passwords in Infinera TNMS (Transcend Network Management System) Server 19... Moderate Unreviewed
CVE-2024-25658 was published Oct 1, 2024
Infinispan caches credentials in clear text Moderate
CVE-2023-5384 was published for org.infinispan:infinispan-cachestore-jdbc (Maven) Dec 28, 2023
Password stored in a recoverable format by Jenkins OpenId Connect Authentication Plugin Moderate
CVE-2023-50770 was published for org.jenkins-ci.plugins:oic-auth (Maven) Dec 13, 2023
westonsteimel
OpenC3 stores passwords in clear text (`GHSL-2024-129`) Moderate
CVE-2024-47529 was published for @openc3/tool-common (RubyGems) Oct 2, 2024
p-
An issue was discovered in Solar-Log 500 before 2.8.2 Build 52 23.04.2013. In /export.html, email... Moderate Unreviewed
CVE-2021-34544 was published Dec 8, 2021
This vulnerability exists in TP-Link IoT Smart Hub due to storage of Wi-Fi credentials in plain... Moderate Unreviewed
CVE-2024-10523 was published Nov 4, 2024
A user with permission to log on to the machine hosting the AXIS Device Manager client could... Moderate Unreviewed
CVE-2021-31989 was published May 24, 2022
An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. When a backup file is created... Moderate Unreviewed
CVE-2020-11918 was published Nov 7, 2024
Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100... Moderate Unreviewed
CVE-2024-34891 was published Nov 4, 2024
mintplex-labs/anything-llm version latest contains a vulnerability where sensitive information,... Moderate Unreviewed
CVE-2024-7783 was published Oct 29, 2024
SaltStack Salt Cleartext Storage of Sensitive Information via cmdmod Moderate
CVE-2021-25284 was published for salt (pip) May 24, 2022
The conformance validation endpoint is public so everybody can verify the conformance of... Moderate Unreviewed
CVE-2024-9802 was published Oct 10, 2024
In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: dcp: fix leak... Moderate Unreviewed
CVE-2024-45004 was published Sep 4, 2024
A vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC) software, formerly Cisco... Moderate Unreviewed
CVE-2024-20448 was published Oct 2, 2024
An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive information... Moderate Unreviewed
CVE-2024-28807 was published Sep 30, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database