GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
238 advisories
Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption,...
High | Unreviewed | CVE-2020-9057 was published Jan 11, 2022

Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including...
High | Unreviewed | CVE-2020-9058 was published Jan 11, 2022

OpenAPI Tools OpenAPI Generator uses HTTP in various files
High | CVE-2019-11405 was published for org.openapitools:openapi-generator (Maven) May 24, 2022

In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions...
High | Unreviewed | CVE-2018-7781 was published May 13, 2022

Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This...
High | Unreviewed | CVE-2018-5162 was published May 13, 2022

An issue was discovered in Flexense DiskBoss 8.8.16 and earlier. Due to the usage of plaintext...
High | Unreviewed | CVE-2018-5261 was published May 13, 2022

OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the...
High | Unreviewed | CVE-2018-5481 was published May 13, 2022

Thomson Reuters UltraTax CS 2017 on Windows has a password protection option; however, the level...
High | Unreviewed | CVE-2018-14608 was published May 13, 2022

Thomson Reuters UltraTax CS 2017 on Windows, in a client/server configuration, transfers customer...
High | Unreviewed | CVE-2018-14607 was published May 13, 2022

KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17...
High | Unreviewed | CVE-2017-9604 was published May 13, 2022

Wireless IP Camera (P2P) WIFICAM devices rely on a cleartext UDP tunnel protocol (aka the Cloud...
High | Unreviewed | CVE-2017-8221 was published May 13, 2022

In the "Diary with lock" (aka WriteDiary) application 4.72 for Android, neither HTTPS nor other...
High | Unreviewed | CVE-2017-15581 was published May 13, 2022

Octopus before 3.17.7 allows attackers to obtain sensitive cleartext information by reading a...
High | Unreviewed | CVE-2017-15609 was published May 13, 2022

Inappropriate implementation in ChromeVox in Google Chrome OS prior to 62.0.3202.74 allowed a...
High | Unreviewed | CVE-2017-15397 was published May 13, 2022

In version 1012 and prior of Insteon's Insteon Hub, the radio transmissions used for...
High | Unreviewed | CVE-2017-5251 was published May 13, 2022

IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive...
High | Unreviewed | CVE-2018-1683 was published May 13, 2022

An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. They do not set the...
High | Unreviewed | CVE-2021-37189 was published Dec 11, 2021

There is a Missing sensitive data encryption vulnerability in Huawei Smartphone. Successful...
High | Unreviewed | CVE-2021-37050 was published Dec 9, 2021

Missing Encryption of Sensitive Data in Apache Guacamole
High | CVE-2018-1340 was published for org.apache.guacamole:guacamole-common (Maven) May 13, 2022

Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by...
High | Unreviewed | CVE-2019-6518 was published May 13, 2022

In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were...
High | Unreviewed | CVE-2017-12817 was published May 13, 2022

Missing Encryption of Sensitive Data in yarn
High | CVE-2019-5448 was published for yarn (npm) Jul 31, 2019

ECOA BAS controller stores sensitive data (backup exports) in clear-text, thus the...
High | Unreviewed | CVE-2021-41302 was published May 24, 2022

An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones...
High | Unreviewed | CVE-2021-22932 was published May 24, 2022

DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone...
High | Unreviewed | CVE-2022-29945 was published Apr 30, 2022