GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,008 advisories
RVTools, Version 3.9.2 and above, contain a sensitive data exposure vulnerability in the...
High | Unreviewed | CVE-2023-44303 was published Nov 24, 2023

An exposure of sensitive information to an unauthorized actor [CWE-200] in FortiSIEM version 7.0...
Moderate | Unreviewed | CVE-2023-41676 was published Nov 14, 2023

The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and...
Moderate | Unreviewed | CVE-2023-26221 was published Nov 8, 2023

An issue was discovered in eGroupWare 17.1.20190111. An Improper Password Storage vulnerability...
Moderate | Unreviewed | CVE-2023-38328 was published Oct 27, 2023

Incorrect LDAP ACLs in ucs-school-ldap-acls-master in UCS@school before 4.4v5-errata allow remote...
Moderate | Unreviewed | CVE-2020-17477 was published Oct 26, 2023

Incorrect access control in writercms v1.1.0 allows attackers to directly obtain backend account...
High | Unreviewed | CVE-2023-43905 was published Oct 26, 2023

Jenkins Warnings Plugin exposures system-scoped credentials
Moderate | CVE-2023-46651 was published for io.jenkins.plugins:warnings-ng (Maven) Oct 25, 2023

Tauri's Updater Private Keys Possibly Leaked via Vite Environment Variables
High | CVE-2023-46115 was published for @tauri-apps/cli (npm) Oct 20, 2023

A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers...
High | Unreviewed | CVE-2023-5552 was published Oct 18, 2023

TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source...
Critical | Unreviewed | CVE-2023-27132 was published Oct 17, 2023

Eaton easySoft software is used to program easy controllers and displays for configuring,...
Moderate | Unreviewed | CVE-2023-43777 was published Oct 17, 2023

SnapGathers versions prior to 4.9 are susceptible to a vulnerability which could allow a local...
Moderate | Unreviewed | CVE-2023-27315 was published Oct 12, 2023

BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to...
High | Unreviewed | CVE-2022-44757 was published Oct 11, 2023

BigFix Insights/IVR fixlet uses improper credential handling within certain fixlet content. An...
Moderate | Unreviewed | CVE-2022-44758 was published Oct 11, 2023

Certain credentials within the BigFix Patch Management Download Plug-ins are stored insecurely...
Moderate | Unreviewed | CVE-2022-42451 was published Oct 11, 2023

An insufficiently protected credentials vulnerability has been reported to affect QVPN Device...
Moderate | Unreviewed | CVE-2023-23370 was published Oct 6, 2023

Sensitive information disclosure due to insufficient token field masking. The following products...
Low | Unreviewed | CVE-2023-44158 was published Sep 27, 2023

OpenStack Barbican credential leak flaw
Moderate | CVE-2023-1633 was published for barbican (pip) Sep 24, 2023

On boot, the Pillar eve container checks for the existence and content of “/config...
High | Unreviewed | CVE-2023-43631 was published Sep 21, 2023

On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig...
High | Unreviewed | CVE-2023-43633 was published Sep 21, 2023

When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are...
High | Unreviewed | CVE-2023-43634 was published Sep 21, 2023

PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was...
High | Unreviewed | CVE-2023-43630 was published Sep 20, 2023

** UNSUPPPORTED WHEN ASSIGNED ** The web application stores credentials in clear text in the ...
Moderate | Unreviewed | CVE-2022-47561 was published Sep 20, 2023

NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient...
Critical | Unreviewed | CVE-2023-25531 was published Sep 20, 2023

NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient...
High | Unreviewed | CVE-2023-25532 was published Sep 20, 2023