GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,196 advisories

Django allows unprivileged users to read the password hashes of arbitrary accounts
Severity: Moderate. CVE-2018-16984 was published for django (pip) on Oct 3, 2018.
                    
Insufficiently Protected Credentials in Requests
Severity: High. CVE-2018-18074 was published for requests (pip) on Oct 29, 2018.
                    
Insufficiently Protected Credentials and Improper Authentication in Spring Security
Severity: High. CVE-2019-11272 was published for org.springframework.security:spring-security-cas (Maven) on Jun 27, 2019.
                    
Insufficiently Protected Credentials in Pivotal Reactor Netty
Severity: High. CVE-2019-11284 was published for io.projectreactor.netty:reactor-netty (Maven) on Oct 23, 2019.
                    
Insufficiently Protected Credentials in Apache Tomcat
Severity: High. CVE-2019-12418 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) on Dec 26, 2019.
                    
Insufficient Nonce Validation in Eclipse Milo Client
Severity: High. CVE-2019-19135 was published for org.eclipse.milo:sdk-client (Maven) on Mar 16, 2020.
                    
Information disclosure through error object in auth0.js
Severity: High. CVE-2020-5263 was published for auth0-js (npm) on Apr 10, 2020.
                    
Private key leak in Apache CXF
Severity: High. CVE-2019-12423 was published for org.apache.cxf:apache-cxf (Maven) on May 22, 2020.
                    
django-nopassword stores secrets in cleartext
Severity: High. CVE-2019-10682 was published for django-nopassword (pip) on Jun 5, 2020.
                    
Insufficiently Protected Credentials in Elasticsearch
Severity: Moderate. CVE-2021-22132 was published for org.elasticsearch:elasticsearch (Maven) on Mar 18, 2021.
                    
Client TLS credentials sent raw to server in npm package nats
Severity: Critical. GHSA-prmc-5v5w-c465 was published for nats (npm) on Apr 6, 2021.
                    
Improper permission handling in Apache Solr
Severity: High. CVE-2021-29262 was published for org.apache.solr:solr-core (Maven) on May 10, 2021.
                    
Basic-auth app bundle credential exposure in gatsby-source-wordpress
Severity: High. CVE-2021-32770 was published for gatsby-source-wordpress (npm) on Jul 19, 2021.
                    
Scrapy HTTP authentication credentials potentially leaked to target websites
Severity: Moderate. CVE-2021-41125 was published for Scrapy (pip) on Oct 6, 2021.
                    
Azure Active Directory Information Disclosure Vulnerability
Severity: Moderate (Unreviewed). CVE-2021-42306 was published on Nov 25, 2021.
                    
An issue was discovered on Renesas RX65 and RX65N devices. With a VCC glitch, an attacker can...
Severity: Moderate (Unreviewed). CVE-2021-43327 was published on Dec 3, 2021.
                    
An issue was discovered in Mahavitaran android application 7.50 and below, allows local attackers...
Severity: Moderate (Unreviewed). CVE-2020-27413 was published on Dec 8, 2021.
                    
Allegro Windows 3.3.4152.0, embeds software administrator database credentials into its binary...
Severity: High (Unreviewed). CVE-2021-43978 was published on Dec 9, 2021.
                    
There is a Credentials Management Errors vulnerability in Huawei Smartphone. Successful...
Severity: High (Unreviewed). CVE-2021-37075 was published on Dec 9, 2021.
                    
An unprotected ssh private key exists on the Gryphon devices which could be used to achieve root...
Severity: Critical (Unreviewed). CVE-2021-20146 was published on Dec 10, 2021.
                    
An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker...
Severity: Moderate (Unreviewed). CVE-2021-37187 was published on Dec 11, 2021.
                    
Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation via the passwd=1 substring.
Severity: Moderate (Unreviewed). CVE-2021-40857 was published on Dec 14, 2021.
                    
Opencast publishes global system account credentials
Severity: High. CVE-2018-16153 was published for org.opencastproject:opencast-common (Maven) on Dec 14, 2021.
                    
A vulnerability has been identified in ModelSim Simulation (All versions), Questa Simulation (All...
Severity: Moderate (Unreviewed). CVE-2021-42023 was published on Dec 15, 2021.
        
ProTip! Advisories are also available from the GraphQL API.