Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,145
NuGet
735
pip
3,947
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

462 advisories

Loading
An encryption key vulnerability on Mitel SIP-DECT wireless devices 8.0 and 8.1 could allow an... Moderate Unreviewed
CVE-2019-19891 was published May 24, 2022
The HTTP Authentication library before 2019-12-27 for Nim has weak password hashing because the... High Unreviewed
CVE-2019-20138 was published May 24, 2022
An issue existed in the handling of links in encrypted PDFs. This issue was addressed by adding a... Moderate Unreviewed
CVE-2019-8772 was published May 24, 2022
The Bitwarden server through 1.32.0 has a potentially unwanted KDF. Moderate Unreviewed
CVE-2019-19766 was published May 24, 2022
An issue was discovered in Intesync Solismed 3.3sp1. An flaw in the encryption implementation... Moderate Unreviewed
CVE-2019-17428 was published May 24, 2022
Adobe Acrobat and Reader versions 2019.012.20034 and earlier; 2019.012.20035 and earlier versions... High Unreviewed
CVE-2019-8237 was published May 24, 2022
The Infinite Design application 3.4.12 for Android sends a username and password via TCP without... Moderate Unreviewed
CVE-2019-17356 was published May 24, 2022
A security feature bypass vulnerability exists in Microsoft Windows when a man-in-the-middle... Moderate Unreviewed
CVE-2019-1338 was published May 24, 2022
IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 uses weaker than expected cryptographic... High Unreviewed
CVE-2019-4175 was published May 24, 2022
In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Upon a crash, it... Moderate Unreviewed
CVE-2019-15947 was published May 24, 2022
In Enigmail below 2.1, an attacker in possession of PGP encrypted emails can wrap them as sub... Moderate Unreviewed
CVE-2019-14664 was published May 24, 2022
An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is... High Unreviewed
CVE-2019-14332 was published May 24, 2022
The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows Information Exposure ... High Unreviewed
CVE-2019-10639 was published May 24, 2022
In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values... Moderate Unreviewed
CVE-2019-10638 was published May 24, 2022
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.0 uses... Moderate Unreviewed
CVE-2019-4102 was published May 24, 2022
Session data between cluster nodes during cluster synchronization is not properly encrypted in... Critical Unreviewed
CVE-2018-20810 was published May 24, 2022
IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic... Moderate Unreviewed
CVE-2019-4151 was published May 24, 2022
IBM Rational Engineering Lifecycle Manager 6.0 through 6.0.6 uses weaker than expected... High Unreviewed
CVE-2018-1608 was published May 24, 2022
IBM API Connect 2018.1 and 2018.4.1.2 uses weaker than expected cryptographic algorithms that... High Unreviewed
CVE-2018-2007 was published May 24, 2022
Use of a Broken or Risky Cryptographic Algorithm in XWiki Crypto API Moderate
CVE-2022-29161 was published for org.xwiki.platform:xwiki-platform-crypto (Maven) May 24, 2022
Inadequate encryption may allow the credentials used by Emerson OpenEnterprise, up through... Moderate Unreviewed
CVE-2020-16235 was published May 20, 2022
Beaker Sensitive Information Disclosure vulnerability Moderate
CVE-2012-3458 was published for beaker (pip) May 17, 2022
Python Keyring does not securely initialize encryption cipher High
CVE-2012-4571 was published for keyring (pip) May 17, 2022
Jenkins Subversion Plugin Stores Credentials with Base64 Encoding Moderate
CVE-2013-6372 was published for org.jenkins-ci.plugins:subversion (Maven) May 17, 2022
The Clorius Controls Java web client before 01.00.0009g allows remote attackers to discover... Moderate Unreviewed
CVE-2014-9199 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database