GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
32 advisories
matrix-synapse vulnerable to temporary storage of plaintext passwords during password changes
Low | CVE-2023-41335 was published for matrix-synapse (pip) | Sep 26, 2023

The W3 Total Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in...
Low | Unreviewed | CVE-2023-5359 was published | Sep 25, 2024

IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information...
Low | Unreviewed | CVE-2023-37396 was published | Apr 19, 2024

Infinispan caches credentials in clear text
Low | CVE-2023-5384 was published for org.infinispan:infinispan-cachestore-jdbc (Maven) | Dec 28, 2023

Apache Airflow logs passwords in plaintext
Low | CVE-2020-17511 was published for apache-airflow (pip) | Dec 17, 2020

A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is stored in...
Low | Unreviewed | CVE-2024-28024 was published | Jun 11, 2024

Password confirmation stored in plain text via registration form in statamic/cms
Low | CVE-2024-36119 was published for statamic/cms (Composer) | Jun 2, 2024

A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This...
Low | Unreviewed | CVE-2024-4235 was published | Apr 26, 2024

An information disclosure issue in GitLab EE affecting all versions from 16.2 prior to 16.2.5,...
Low | Unreviewed | CVE-2023-3950 was published | Sep 1, 2023

A clear text storage of sensitive information (CWE-312) vulnerability in both FortiGate version 6...
Low | Unreviewed | CVE-2022-22302 was published | Jul 11, 2023

phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish...
Low | Unreviewed | CVE-2008-1567 was published | May 1, 2022

Capturix ScanShare 1.06 build 50 stores sensitive information such as the password in cleartext...
Low | Unreviewed | CVE-2005-2209 was published | May 1, 2022

Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently saves a decrypted copy of a...
Low | Unreviewed | CVE-2002-1696 was published | Apr 30, 2022

A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR...
Low | Unreviewed | CVE-2019-19291 was published | May 24, 2022

DingTalk Plugin stores credentials in plain text
Low | CVE-2019-10433 was published for io.jenkins.plugins:dingding-notifications (Maven) | May 24, 2022

Jenkins lambdatest-automation Plugin may expose Credentials access token
Low | CVE-2023-46653 was published for org.jenkins-ci.plugins:lambdatest-automation (Maven) | Oct 25, 2023

Sensitive information disclosure due to cleartext storage of sensitive information in memory. The...
Low | Unreviewed | CVE-2023-44153 was published | Sep 27, 2023

A vulnerability was found in Control iD Gerencia Web 1.30 and classified as problematic. Affected...
Low | Unreviewed | CVE-2023-4392 was published | Aug 17, 2023

A vulnerability has been found in Simple Design Daily Journal 1.012.GP.B on Android and...
Low | Unreviewed | CVE-2023-2863 was published | May 24, 2023

Jenkins Zephyr for JIRA Test Management Plugin stores credentials in plain text
Low | CVE-2020-2154 was published for org.jenkins-ci.plugins:zephyr-for-jira-test-management (Maven) | May 24, 2022

Passwords stored in plain text by Jenkins Artifactory Plugin
Low | CVE-2020-2164 was published for org.jenkins-ci.plugins:artifactory (Maven) | May 24, 2022

Jenkins WSO2 Oauth Plugin stores WSO2 Oauth client secret unencrypted in global config.xml file on Jenkins controller
Low | CVE-2023-30527 was published for org.jenkins-ci.plugins:wso2id-oauth (Maven) | Apr 12, 2023

Jenkins WSO2 Oauth Plugin does not mask the WSO2 Oauth client secret on the global configuration form
Low | CVE-2023-30528 was published for org.jenkins-ci.plugins:wso2id-oauth (Maven) | Apr 12, 2023

An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in...
Low | Unreviewed | CVE-2023-23776 was published | Mar 7, 2023

Katello cleartext password storage issue
Low | CVE-2019-14825 was published for katello (RubyGems) | May 24, 2022