GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
170 advisories
Docker Swarm encrypted overlay network traffic may be unencrypted
Moderate
CVE-2023-28841
was published
for
github.com/docker/docker
(Go)
Apr 4, 2023
A cleartext transmission vulnerability exists in the Remote Management functionality of Netgear...
Moderate
Unreviewed
CVE-2022-38458
was published
Mar 21, 2023
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls...
Moderate
Unreviewed
CVE-2022-21940
was published
Feb 9, 2023
In Last Yard 22.09.8-1, the cookie can be stolen via unencrypted traffic.
Moderate
Unreviewed
CVE-2022-47715
was published
Feb 1, 2023
In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers therefore...
Moderate
Unreviewed
CVE-2023-23127
was published
Feb 1, 2023
usememos/memos missing Secure cookie attribute
Moderate
CVE-2022-4683
was published
for
github.com/usememos/memos
(Go)
Dec 23, 2022
Dashlane password and Keepass Server password in My Account Settings are not encrypted in the...
Moderate
Unreviewed
CVE-2022-3781
was published
Nov 2, 2022
The application was vulnerable to an authenticated information disclosure, allowing...
Moderate
Unreviewed
CVE-2022-40295
was published
Nov 1, 2022
Missing AES encryption in Corsair K63 Wireless 3.1.3 allows physically proximate attackers to...
Moderate
Unreviewed
CVE-2022-35860
was published
Oct 19, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess.
Moderate
Unreviewed
CVE-2020-15330
was published
Sep 30, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user_key API.
Moderate
Unreviewed
CVE-2020-15343
was published
Sep 30, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_user_id_and_key API.
Moderate
Unreviewed
CVE-2020-15344
was published
Sep 30, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API with the CLOUDCNM key.
Moderate
Unreviewed
CVE-2020-15346
was published
Sep 30, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user API.
Moderate
Unreviewed
CVE-2020-15342
was published
Sep 30, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_instances_for_update API.
Moderate
Unreviewed
CVE-2020-15345
was published
Sep 30, 2022
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/minarca...
Moderate
Unreviewed
CVE-2022-3251
was published
Sep 22, 2022
rdiffweb has insecure HTTP cookies
Moderate
CVE-2022-3250
was published
for
rdiffweb
(pip)
Sep 22, 2022
Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management...
Moderate
Unreviewed
CVE-2022-39014
was published
Sep 14, 2022
The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only...
Moderate
Unreviewed
CVE-2022-26390
was published
Sep 10, 2022
In Esri Portal for ArcGIS versions 10.8.1, a system property is not properly encrypted. This may...
Moderate
Unreviewed
CVE-2022-38194
was published
Aug 17, 2022
In multiple functions of StorageManagerService.java and UserManagerService.java, there is a...
Moderate
Unreviewed
CVE-2022-20219
was published
Jul 14, 2022
Insecure cookies in Openshift Origin
Moderate
CVE-2015-3207
was published
for
github.com/openshift/origin
(Go)
Jul 8, 2022
In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have...
Moderate
Unreviewed
CVE-2021-40650
was published
Jun 15, 2022
User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed.
Moderate
Unreviewed
CVE-2021-27783
was published
May 26, 2022
Meross Smart Wi-Fi 2 Way Wall Switch (MSS550X), on its 3.1.3 version and before, creates an open...
Moderate
Unreviewed
CVE-2021-3774
was published
May 24, 2022