GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
140 advisories
Filter by severity
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9
could allow a privileged user to...
Moderate
Unreviewed
CVE-2023-50956
was published
Dec 18, 2024
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9
stores user credentials in...
Moderate
Unreviewed
CVE-2024-52361
was published
Dec 18, 2024
Dell VxVerify, versions prior to x.40.405, contain a Plain-text Password Storage Vulnerability in...
High
Unreviewed
CVE-2024-53292
was published
Dec 11, 2024
The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords...
High
Unreviewed
CVE-2024-36460
was published
Aug 12, 2024
Certain models of routers from Billion Electric has a Plaintext Storage of a Password...
High
Unreviewed
CVE-2024-11982
was published
Nov 29, 2024
When exporting media types, the password is exported in the YAML in plain text. This appears to...
Low
Unreviewed
CVE-2024-36464
was published
Nov 27, 2024
A vulnerability in the storage of proxy server credentials of Cisco Firepower Management Center ...
Moderate
Unreviewed
CVE-2021-1126
was published
May 24, 2022
User passwords are decrypted and stored on memory before any user logged in. Those decrypted...
Moderate
Unreviewed
CVE-2024-29978
was published
Nov 26, 2024
IBM Workload Scheduler 9.5, 10.1, and 10.2 stores user credentials in plain text which can be...
Moderate
Unreviewed
CVE-2024-49351
was published
Nov 26, 2024
Clear Text Credentials Exposed via Onboarding Task
Moderate
CVE-2023-48700
was published
for
nautobot-device-onboarding
(pip)
Nov 21, 2023
An issue in Solar-Log 1000 before v2.8.2 and build 52-23.04.2013 was discovered to store...
Unknown
Unreviewed
CVE-2024-40116
was published
Jul 26, 2024
Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec
High
CVE-2024-22032
was published
for
github.com/rancher/rancher
(Go)
Jun 17, 2024
A vulnerability in the storage method of the PON Controller configuration file could allow an...
High
Unreviewed
CVE-2024-20489
was published
Sep 11, 2024
Smart-tab Android app installed April 2023 or earlier contains an issue with plaintext storage of...
Low
Unreviewed
CVE-2024-42496
was published
Sep 30, 2024
IBM Cognos Command Center 10.2.4.1 and 10.2.5 could disclose highly sensitive user information to...
Moderate
Unreviewed
CVE-2024-31899
was published
Sep 26, 2024
An issue in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physically proximate attacker to...
High
Unreviewed
CVE-2024-44815
was published
Sep 10, 2024
Plaintext Storage of a Password vulnerability in Eliz Software Panel allows : Use of Known Domain...
Critical
Unreviewed
CVE-2024-5960
was published
Sep 18, 2024
Victure PC420 1.1.39 was discovered to contain a hardcoded root password which is stored in...
High
Unreviewed
CVE-2023-41610
was published
Sep 18, 2024
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain...
Moderate
Unreviewed
CVE-2024-39733
was published
Jul 14, 2024
SAP NetWeaver AS for Java allows an authorized attacker to obtain sensitive information. The...
Moderate
Unreviewed
CVE-2024-45283
was published
Sep 10, 2024
A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub...
Critical
Unreviewed
CVE-2024-6118
was published
Aug 5, 2024
Westermo EDW-100 devices through 2024-05-03 allow an unauthenticated user to download a...
Critical
Unreviewed
CVE-2024-36081
was published
May 19, 2024
A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO!...
Moderate
Unreviewed
CVE-2024-39922
was published
Aug 13, 2024
A “CWE-256: Plaintext Storage of a Password” affecting the administrative account allows an...
Moderate
Unreviewed
CVE-2024-3082
was published
Jul 31, 2024
Jenkins Weibo Plugin stores credentials unencrypted in its global configuration file
Low
CVE-2019-16572
was published
for
org.jenkins-ci.plugins:weibo
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API