GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
530 advisories
Filter by severity
Cleartext Transmission of Sensitive Information in Apache nifi
High
CVE-2018-17195
was published
for
org.apache.nifi:nifi
(Maven)
Dec 20, 2018
High severity vulnerability that affects com.github.shyiko.ktlint:ktlint-core
High
CVE-2019-1010260
was published
for
com.github.shyiko.ktlint:ktlint-core
(Maven)
Apr 8, 2019
Cleartext Transmission of Sensitive Information, Inclusion of Functionality from Untrusted Control Sphere , and Download of Code Without Integrity Check in Eclipse hawkBit
High
CVE-2019-10240
was published
for
org.eclipse.hawkbit:hawkbit-autoconfigure
(Maven)
Apr 15, 2019
Django Incorrect HTTP detection with reverse-proxy connecting via HTTPS
Moderate
CVE-2019-12781
was published
for
Django
(pip)
Jul 3, 2019
Missing Encryption of Sensitive Data in yarn
High
CVE-2019-5448
was published
for
yarn
(npm)
Jul 31, 2019
Exposure of Sensitive Information to an Unauthorized Actor in Apache Kafka
High
CVE-2019-12399
was published
for
org.apache.kafka:kafka
(Maven)
May 12, 2020
Remote Code Execution and download tracking in Mintegral SDK
Moderate
CVE-2020-7744
was published
for
com.mintegral.msdk:alphab
(Maven)
Apr 22, 2021
Pgsync Contains Cleartext Transmission of Sensitive Information
High
CVE-2021-31671
was published
for
pgsync
(RubyGems)
Apr 27, 2021
Missing encryption in Apache Directory Studio
High
CVE-2021-33900
was published
for
org.apache.directory.studio:org.apache.directory.studio.parent
(Maven)
Aug 9, 2021
Source code is downloaded over cleartext HTTP in portaudio
Moderate
CVE-2016-10933
was published
for
portaudio
(Rust)
Aug 25, 2021
An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock application for Android....
Moderate
Unreviewed
CVE-2021-44518
was published
Dec 3, 2021
The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes...
High
Unreviewed
CVE-2021-45100
was published
Dec 17, 2021
The affected products contain vulnerable firmware, which could allow an attacker to sniff the...
High
Unreviewed
CVE-2021-4161
was published
Dec 28, 2021
Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the...
High
Unreviewed
CVE-2021-20174
was published
Dec 31, 2021
Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the...
High
Unreviewed
CVE-2021-20175
was published
Dec 31, 2021
Netgear RAX43 version 1.0.3.96 does not utilize secure communications to the web interface. By...
High
Unreviewed
CVE-2021-20169
was published
Dec 31, 2021
Trendnet AC2600 TEW-827DRU version 2.08B01 contains an security flaw in the web interface. HTTPS...
High
Unreviewed
CVE-2021-20154
was published
Dec 31, 2021
User passwords transmitted in plain text by Jenkins Active Directory Plugin
Moderate
CVE-2022-23105
was published
for
org.jenkins-ci.plugins:active-directory
(Maven)
Jan 13, 2022
Fresenius Kabi Agilia Link + version 3.0 does not enforce transport layer encryption. Therefore,...
High
Unreviewed
CVE-2021-41835
was published
Jan 22, 2022
Cleartext Transmission of Sensitive Information in /northstar/Admin/login.jsp in Northstar...
High
Unreviewed
CVE-2021-29397
was published
Feb 9, 2022
The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 Rel.62500n wireless router...
Critical
Unreviewed
CVE-2022-0162
was published
Feb 11, 2022
"catalog's registry v2 api exposed on unauthenticated path in Harbor"
Moderate
CVE-2020-29662
was published
for
github.com/goharbor/harbor
(Go)
Feb 12, 2022
Jenkins Pipeline: Groovy Plugin has Insufficiently Protected Credentials
Moderate
CVE-2022-25180
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
Feb 16, 2022
The affected product is vulnerable due to cleartext transmission of credentials seen in the...
Critical
Unreviewed
CVE-2022-21798
was published
Feb 26, 2022
An issue was discovered in Rhinode Trading Paints through 2.0.36. TP Updater.exe uses cleartext...
High
Unreviewed
CVE-2021-40846
was published
Mar 5, 2022
ProTip!
Advisories are also available from the
GraphQL API