GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories
  All reviewed: 5,000+
  Composer: 4,968
  Erlang: 39
  GitHub Actions: 38
  Go: 2,616
  Maven: 5,000+
  npm: 4,255
  NuGet: 760
  pip: 4,040
  Pub: 12
  RubyGems: 953
  Rust: 1,050
  Swift: 45

Unreviewed advisories
  All unreviewed: 5,000+

653 advisories

A vulnerability was found in Thinkware Car Dashcam F800 Pro up to 20250226. It has been rated as...
Low | Unreviewed | CVE-2025-2120 was published Mar 9, 2025

Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission
Moderate | CVE-2025-27622 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 6, 2025

Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission
Moderate | CVE-2025-27623 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 6, 2025

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330...
High | Unreviewed | CVE-2025-27685 was published Mar 5, 2025

CalInvocationHandler in Brocade SANnav before 2.3.1b logs sensitive information in clear text....
Moderate | Unreviewed | CVE-2024-10404 was published Feb 14, 2025

mySCADA myPRO Manager stores credentials in cleartext, which could allow an attacker to obtain...
Critical | Unreviewed | CVE-2025-22896 was published Feb 14, 2025

Cleartext Storage of Sensitive Information vulnerability in Salesforce Tableau Server can record...
High | Unreviewed | CVE-2025-26495 was published Feb 11, 2025

Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti...
Moderate | Unreviewed | CVE-2024-13843 was published Feb 11, 2025

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 ...
Moderate | Unreviewed | CVE-2024-53651 was published Feb 11, 2025

Sensitive data could be exposed to non-privileged users in a configuration file. Local access...
Moderate | Unreviewed | CVE-2024-45718 was published Feb 11, 2025

Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB...
Critical | Unreviewed | CVE-2024-51547 was published Feb 6, 2025

IBM ApplinX 11.1 stores sensitive information in cleartext in memory that could be obtained by an...
Moderate | Unreviewed | CVE-2024-49800 was published Feb 6, 2025

Jenkins Zoom Plugin Stores Sensitive Information in Cleartext
Moderate | CVE-2025-0142 was published for io.jenkins.plugins:zoom (Maven) Jan 30, 2025

ECOVACS robot lawnmowers store the anti-theft PIN in cleartext on the device filesystem. An...
Moderate | Unreviewed | CVE-2024-12079 was published Jan 23, 2025

Clear text secrets returned & Remote system secrets in clear text
Moderate | Unreviewed | CVE-2024-55928 was published Jan 23, 2025

Navidrome Stores JWT Secret in Plaintext in navidrome.db
High | CVE-2024-56362 was published for github.com/navidrome/navidrome (Go) Dec 23, 2024

GoPhish sends cleartext passwords
High | CVE-2024-55196 was published for github.com/gophish/gophish (Go) Dec 19, 2024

A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0...
Moderate | Unreviewed | CVE-2024-50570 was published Dec 18, 2024

An issue in H3C switch h3c-S1526 allows a remote attacker to obtain sensitive information via the...
High | Unreviewed | CVE-2024-51175 was published Dec 18, 2024

IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in...
Moderate | Unreviewed | CVE-2024-35117 was published Dec 11, 2024

TP-Link TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 was discovered to transmit user...
High | Unreviewed | CVE-2024-46340 was published Dec 10, 2024

Pentaminds CuroVMS v2.0.1 was discovered to contain exposed sensitive information.
High | Unreviewed | CVE-2024-40582 was published Dec 9, 2024

Oxide before 6 has unencrypted Control Plane datastores.
Moderate | Unreviewed | CVE-2024-55582 was published Dec 9, 2024

This vulnerability exists in the TP-Link Archer C50 due to presence of terminal access on a...
Moderate | Unreviewed | CVE-2024-54127 was published Dec 5, 2024

This vulnerability exists in the Tinxy mobile app due to storage of logged-in user information in...
Moderate | Unreviewed | CVE-2024-12094 was published Dec 5, 2024

ProTip! Advisories are also available from the GraphQL API