GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
68 advisories
Filter by severity
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9
could allow a privileged user to...
Moderate
Unreviewed
CVE-2023-50956
was published
Dec 18, 2024
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9
stores user credentials in...
Moderate
Unreviewed
CVE-2024-52361
was published
Dec 18, 2024
A vulnerability in the storage of proxy server credentials of Cisco Firepower Management Center ...
Moderate
Unreviewed
CVE-2021-1126
was published
May 24, 2022
User passwords are decrypted and stored on memory before any user logged in. Those decrypted...
Moderate
Unreviewed
CVE-2024-29978
was published
Nov 26, 2024
IBM Workload Scheduler 9.5, 10.1, and 10.2 stores user credentials in plain text which can be...
Moderate
Unreviewed
CVE-2024-49351
was published
Nov 26, 2024
Clear Text Credentials Exposed via Onboarding Task
Moderate
CVE-2023-48700
was published
for
nautobot-device-onboarding
(pip)
Nov 21, 2023
IBM Cognos Command Center 10.2.4.1 and 10.2.5 could disclose highly sensitive user information to...
Moderate
Unreviewed
CVE-2024-31899
was published
Sep 26, 2024
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain...
Moderate
Unreviewed
CVE-2024-39733
was published
Jul 14, 2024
SAP NetWeaver AS for Java allows an authorized attacker to obtain sensitive information. The...
Moderate
Unreviewed
CVE-2024-45283
was published
Sep 10, 2024
A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO!...
Moderate
Unreviewed
CVE-2024-39922
was published
Aug 13, 2024
A “CWE-256: Plaintext Storage of a Password” affecting the administrative account allows an...
Moderate
Unreviewed
CVE-2024-3082
was published
Jul 31, 2024
IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by...
Moderate
Unreviewed
CVE-2024-25052
was published
Jun 13, 2024
Zowe CLI allows storage of previously entered secure credentials in a plaintext file
Moderate
CVE-2024-6833
was published
for
@zowe/cli
(npm)
Jul 17, 2024
This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version ...
Moderate
Unreviewed
CVE-2024-4232
was published
May 14, 2024
BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, AV-02D, AV-02IDE, AV-02IDR...
Moderate
Unreviewed
CVE-2024-39220
was published
Jul 3, 2024
The access control in CemiPark software stores integration (e.g. FTP or SIP) credentials in plain...
Moderate
Unreviewed
CVE-2024-4425
was published
May 14, 2024
Asus RT-N12+ B1 router stores credentials in cleartext, which could allow local attackers to...
Moderate
Unreviewed
CVE-2024-28325
was published
Apr 26, 2024
TYPO3 Information Disclosure in User Authentication
Moderate
GHSA-wj85-rg5g-v8jm
was published
for
typo3/cms-core
(Composer)
May 30, 2024
Dell OpenManage Enterprise, versions 4.0.0 and 4.0.1, contains a sensitive information disclosure...
Moderate
Unreviewed
CVE-2024-28961
was published
Apr 29, 2024
Eaton easySoft software is used to program easy controllers and displays for configuring,...
Moderate
Unreviewed
CVE-2023-43777
was published
Oct 17, 2023
SnapGathers versions prior to 4.9 are susceptible to a vulnerability
which could allow a local...
Moderate
Unreviewed
CVE-2023-27315
was published
Oct 12, 2023
A password management vulnerability in Skyhigh Secure Web Gateway (SWG) in main releases 11.x...
Moderate
Unreviewed
CVE-2023-4400
was published
Sep 13, 2023
PiiGAB M-Bus stores credentials in a plaintext file, which could allow a low-level user...
Moderate
Unreviewed
CVE-2023-35765
was published
Jul 7, 2023
Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior store passwords in a plaintext file...
Moderate
Unreviewed
CVE-2023-22389
was published
Jul 6, 2023
?All versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in...
Moderate
Unreviewed
CVE-2023-3395
was published
Jul 3, 2023
ProTip!
Advisories are also available from the
GraphQL API