Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

514 advisories

Loading
bsock uses weak hashing algorithms Critical
CVE-2023-50475 was published for bsock (npm) Dec 21, 2023
A information disclosure vulnerability exists when TLS components use weak hash algorithms, aka ... Moderate Unreviewed
CVE-2020-1596 was published May 24, 2022
free5GC udm vulnerable to Invalid Curve Attack High
CVE-2023-46324 was published for github.com/free5gc/udm (Go) Oct 23, 2023
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of... Critical Unreviewed
CVE-2023-34039 was published Aug 29, 2023
A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR... Low Unreviewed
CVE-2019-18340 was published May 24, 2022
Sympa before 6.2.62 relies on a cookie parameter for certain security objectives, but does not... High Unreviewed
CVE-2021-46900 was published Dec 31, 2023
CL-Signatures Revocation Scheme in Ursa has flaws that allow a holder to demonstrate non-revocation of a revoked credential Moderate
CVE-2024-21670 was published for anoncreds-clsignatures (Rust) Jan 16, 2024
Ursa CL-Signatures Revocation allows verifiers to generate unique identifiers for holders Moderate
CVE-2024-22192 was published for anoncreds-clsignatures (Rust) Jan 16, 2024
crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard Critical
CVE-2023-46233 was published for crypto-js (npm) Oct 25, 2023
Zemnmez nzgeek
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow... Moderate Unreviewed
CVE-2023-50939 was published Feb 2, 2024
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow... Moderate Unreviewed
CVE-2023-50937 was published Feb 2, 2024
Laravel Framework XSS in Blade templating engine Moderate
CVE-2021-43808 was published for illuminate/view (Composer) Dec 8, 2021
chinpei215
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS High
CVE-2020-15098 was published for typo3/cms (Composer) Jul 29, 2020
ohader
Use of a Broken or Risky Cryptographic Algorithm Low
CVE-2021-27913 was published for mautic/core (Composer) Sep 1, 2021
michaellrowley mohit-rocks
tdunlap607
DeviceFarmer stf uses DES-ECB Critical
CVE-2023-51839 was published for @devicefarmer/stf (npm) Jan 29, 2024
The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 uses weak... High Unreviewed
CVE-2007-4150 was published May 1, 2022
Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation... High Unreviewed
CVE-2007-5460 was published May 1, 2022
IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0,... Moderate Unreviewed
CVE-2024-22361 was published Feb 10, 2024
Magento 2 Community Edition Cryptographic Flaw High
CVE-2019-7858 was published for magento/community-edition (Composer) May 24, 2022
Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm. High
CVE-2023-51838 was published for meshcentral (npm) Feb 2, 2024
IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that... Moderate Unreviewed
CVE-2022-34310 was published Feb 12, 2024
IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that... Moderate Unreviewed
CVE-2022-34309 was published Feb 12, 2024
TeeKai Tracking Online 1.0 uses weak encryption of web usage statistics in data/userlog/log.txt,... Moderate Unreviewed
CVE-2002-2058 was published Apr 30, 2022
Folder Lock 5.9.5 and earlier uses weak encryption (ROT-25) for the password, which allows local... Low Unreviewed
CVE-2008-3775 was published May 2, 2022
libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the configuration specifies the MD5... Moderate Unreviewed
CVE-2008-3188 was published May 1, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database