Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,791
Erlang
36
GitHub Actions
29
Go
2,370
Maven
5,000+
npm
3,995
NuGet
720
pip
3,789
Pub
12
RubyGems
927
Rust
984
Swift
38
Unreviewed advisories
All unreviewed
5,000+

172 advisories

Loading
rdiffweb has insecure HTTP cookies Moderate
CVE-2022-3250 was published for rdiffweb (pip) Sep 22, 2022
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE)... Moderate Unreviewed
CVE-2024-20515 was published Oct 2, 2024
OpenStack Keystone does not check signature TTL of the EC2 credential auth method Moderate
CVE-2020-12692 was published for keystone (pip) May 24, 2022
Missing encryption of sensitive data vulnerability in settings functionality in Synology Active... Moderate Unreviewed
CVE-2023-52948 was published Sep 26, 2024
Missing encryption of sensitive data vulnerability in login component in Synology Active Backup... Moderate Unreviewed
CVE-2023-52950 was published Sep 26, 2024
Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM ... Moderate Unreviewed
CVE-2023-41096 was published Oct 26, 2023
IBM Watson CP4D Data Stores 4.6.0, 4.6.1, 4.6.2, and 4.6.3 does not encrypt sensitive or critical... Moderate Unreviewed
CVE-2023-27291 was published Mar 3, 2024
A vulnerability in Cisco Duo Epic for Hyperdrive could allow an authenticated, local attacker to... Moderate Unreviewed
CVE-2024-20503 was published Sep 4, 2024
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to... Moderate Unreviewed
CVE-2024-39746 was published Aug 22, 2024
IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to obtain sensitive... Moderate Unreviewed
CVE-2024-31905 was published Aug 15, 2024
An issue was discovered in Samsung Mobile Processor, Automotive Processor, Wearable Processor,... Moderate Unreviewed
CVE-2023-49927 was published Jun 5, 2024
Dell Data Lakehouse, version(s) 1.0.0.0, contain(s) a Missing Encryption of Sensitive Data... Moderate Unreviewed
CVE-2024-38302 was published Jul 18, 2024
Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel... Moderate Unreviewed
CVE-2019-1547 was published May 24, 2022
A vulnerability in the IPS Manager, Central Manager, and Local Manager communication workflow... Moderate Unreviewed
CVE-2024-5731 was published Jun 14, 2024
silverstripe/framework users inadvertently passing sensitive data to LoginAttempt Moderate
GHSA-ph62-fv59-vf9h was published for silverstripe/framework (Composer) May 27, 2024
Croc requires senders to provide local IP addresses in cleartext Moderate
CVE-2023-43618 was published for github.com/schollz/croc/v9 (Go) Sep 20, 2023
schollz
Vulnerable data in transit in GE HealthCare EchoPAC products Moderate Unreviewed
CVE-2024-27106 was published May 14, 2024
IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive... Moderate Unreviewed
CVE-2022-22386 was published Oct 17, 2023
IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive... Moderate Unreviewed
CVE-2022-22377 was published Oct 17, 2023
IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information... Moderate Unreviewed
CVE-2022-33161 was published Oct 14, 2023
A cleartext transmission of sensitive information vulnerability has been reported to affect QVPN... Moderate Unreviewed
CVE-2023-23371 was published Oct 6, 2023
Push notifications stored on disk in private browsing mode were not being encrypted potentially... Moderate Unreviewed
CVE-2023-4580 was published Sep 11, 2023
IBM Aspera Faspex 5.0.5 could allow a remote attacker to obtain sensitive information, caused by... Moderate Unreviewed
CVE-2022-22405 was published Sep 8, 2023
Missing Encryption of Sensitive DataCAPEC- vulnerability in Genians Genian NAC V4.0, Genians... Moderate Unreviewed
CVE-2023-40251 was published Aug 17, 2023
Missing encryption in the RFID tag of Etekcity 3-in-1 Smart Door Lock v1.0 allows attackers to... Moderate Unreviewed
CVE-2023-39841 was published Aug 15, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database