Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,008 advisories

Loading
RVTools, Version 3.9.2 and above, contain a sensitive data exposure vulnerability in the... High Unreviewed
CVE-2023-44303 was published Nov 24, 2023
An exposure of sensitive information to an unauthorized actor [CWE-200] in FortiSIEM version 7.0... Moderate Unreviewed
CVE-2023-41676 was published Nov 14, 2023
The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and... Moderate Unreviewed
CVE-2023-26221 was published Nov 8, 2023
An issue was discovered in eGroupWare 17.1.20190111. An Improper Password Storage vulnerability... Moderate Unreviewed
CVE-2023-38328 was published Oct 27, 2023
Incorrect LDAP ACLs in ucs-school-ldap-acls-master in UCS@school before 4.4v5-errata allow remote... Moderate Unreviewed
CVE-2020-17477 was published Oct 26, 2023
Incorrect access control in writercms v1.1.0 allows attackers to directly obtain backend account... High Unreviewed
CVE-2023-43905 was published Oct 26, 2023
Jenkins Warnings Plugin exposures system-scoped credentials Moderate
CVE-2023-46651 was published for io.jenkins.plugins:warnings-ng (Maven) Oct 25, 2023
Tauri's Updater Private Keys Possibly Leaked via Vite Environment Variables High
CVE-2023-46115 was published for @tauri-apps/cli (npm) Oct 20, 2023
A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers... High Unreviewed
CVE-2023-5552 was published Oct 18, 2023
TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source... Critical Unreviewed
CVE-2023-27132 was published Oct 17, 2023
Eaton easySoft software is used to program easy controllers and displays for configuring,... Moderate Unreviewed
CVE-2023-43777 was published Oct 17, 2023
SnapGathers versions prior to 4.9 are susceptible to a vulnerability which could allow a local... Moderate Unreviewed
CVE-2023-27315 was published Oct 12, 2023
BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to... High Unreviewed
CVE-2022-44757 was published Oct 11, 2023
BigFix Insights/IVR fixlet uses improper credential handling within certain fixlet content. An... Moderate Unreviewed
CVE-2022-44758 was published Oct 11, 2023
Certain credentials within the BigFix Patch Management Download Plug-ins are stored insecurely... Moderate Unreviewed
CVE-2022-42451 was published Oct 11, 2023
An insufficiently protected credentials vulnerability has been reported to affect QVPN Device... Moderate Unreviewed
CVE-2023-23370 was published Oct 6, 2023
Sensitive information disclosure due to insufficient token field masking. The following products... Low Unreviewed
CVE-2023-44158 was published Sep 27, 2023
OpenStack Barbican credential leak flaw Moderate
CVE-2023-1633 was published for barbican (pip) Sep 24, 2023
On boot, the Pillar eve container checks for the existence and content of “/config... High Unreviewed
CVE-2023-43631 was published Sep 21, 2023
On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig... High Unreviewed
CVE-2023-43633 was published Sep 21, 2023
When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are... High Unreviewed
CVE-2023-43634 was published Sep 21, 2023
PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was... High Unreviewed
CVE-2023-43630 was published Sep 20, 2023
** UNSUPPPORTED WHEN ASSIGNED ** The web application stores credentials in clear text in the ... Moderate Unreviewed
CVE-2022-47561 was published Sep 20, 2023
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient... Critical Unreviewed
CVE-2023-25531 was published Sep 20, 2023
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient... High Unreviewed
CVE-2023-25532 was published Sep 20, 2023
ProTip! Advisories are also available from the GraphQL API