Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,300
Erlang
31
GitHub Actions
21
Go
2,069
Maven
5,000+
npm
3,744
NuGet
668
pip
3,429
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+

545 advisories

Loading
Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which... Moderate Unreviewed
CVE-2008-4122 was published May 2, 2022
EMC Dantz Retrospect Backup Client 7.5.116 sends the password hash in cleartext at an unspecified... Moderate Unreviewed
CVE-2008-3289 was published May 1, 2022
OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 sends the... High Unreviewed
CVE-2008-0374 was published May 1, 2022
make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command... Low Unreviewed
CVE-2007-5626 was published May 1, 2022
Cisco Adaptive Security Appliance (ASA) running PIX 7.0 before 7.0.7.1, 7.1 before 7.1.2.61, 7.2... Moderate Unreviewed
CVE-2007-4786 was published May 1, 2022
Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions sends the NIS password map ... Moderate Unreviewed
CVE-2005-3140 was published May 1, 2022
pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use... Moderate Unreviewed
CVE-2005-2069 was published May 1, 2022
The Network Attached Storage (NAS) Administration Web Page for Iomega NAS A300U transmits... Moderate Unreviewed
CVE-2002-1949 was published Apr 30, 2022
DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 transmits the Blowfish encryption... Moderate Unreviewed
CVE-2004-1852 was published Apr 29, 2022
Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain... Moderate Unreviewed
CVE-2012-1257 was published Apr 23, 2022
mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+openSUSE-2.3 exposes the... Moderate Unreviewed
CVE-2010-4177 was published Apr 21, 2022
An information disclosure vulnerability exists in the Web Application functionality of Moxa... High Unreviewed
CVE-2021-40392 was published Apr 15, 2022
An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is Cleartext Transmission of... Moderate Unreviewed
CVE-2021-45894 was published Apr 6, 2022
Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 passwords are... High Unreviewed
CVE-2021-32982 was published Apr 5, 2022
Philips Vue PACS versions 12.2.x.x and prior transmits sensitive or security-critical data in... High Unreviewed
CVE-2021-33022 was published Apr 3, 2022
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in ISS BlackICE PC Protection. It has... Moderate Unreviewed
CVE-2003-5002 was published Mar 29, 2022
Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as... High Unreviewed
CVE-2022-0988 was published Mar 26, 2022
GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP... High Unreviewed
CVE-2021-27422 was published Mar 24, 2022
ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x... High Unreviewed
CVE-2020-25178 was published Mar 19, 2022
An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It sends the following... Moderate Unreviewed
CVE-2021-41849 was published Mar 13, 2022
An issue was discovered in Rhinode Trading Paints through 2.0.36. TP Updater.exe uses cleartext... High Unreviewed
CVE-2021-40846 was published Mar 5, 2022
The affected product is vulnerable due to cleartext transmission of credentials seen in the... Critical Unreviewed
CVE-2022-21798 was published Feb 26, 2022
Jenkins Pipeline: Groovy Plugin has Insufficiently Protected Credentials Moderate
CVE-2022-25180 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) Feb 16, 2022
"catalog's registry v2 api exposed on unauthenticated path in Harbor" Moderate
CVE-2020-29662 was published for github.com/goharbor/harbor (Go) Feb 12, 2022
The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 Rel.62500n wireless router... Critical Unreviewed
CVE-2022-0162 was published Feb 11, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database