Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,145
NuGet
735
pip
3,947
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

462 advisories

Loading
Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote... High Unreviewed
CVE-2023-27389 was published Apr 11, 2023
Inadequate Encryption Strength in CODESYS Development System V3 versions prior to V3.5.18.40... High Unreviewed
CVE-2022-4048 was published May 15, 2023
Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13),IJ Network Tool... Moderate Unreviewed
CVE-2023-1764 was published May 17, 2023
Bramble Handshake Protocol (BHP) in Briar before 1.5.3 is not forward secure: eavesdroppers can... Moderate Unreviewed
CVE-2023-33982 was published May 24, 2023
A compromised web child process could disable web security opening restrictions, leading to a new... Moderate Unreviewed
CVE-2023-23597 was published Jun 2, 2023
Under certain circumstances, a call to the <code>bind</code> function may have resulted in the... Moderate Unreviewed
CVE-2023-29549 was published Jun 2, 2023
AMI SPx contains a vulnerability in the BMC where a user may cause an inadequate encryption... High Unreviewed
CVE-2023-34337 was published Jul 5, 2023
The Config-files of Horner Automation’s RCC 972 with firmware version 15.40 are encrypted with... High Unreviewed
CVE-2022-2640 was published Jul 6, 2023
Rockwell Automation ThinManager product allows the use of medium strength ciphers.  If the... High Unreviewed
CVE-2023-2443 was published Jul 6, 2023
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM... Moderate Unreviewed
CVE-2023-36748 was published Jul 11, 2023
The BigFix WebUI uses weak cipher suites. High Unreviewed
CVE-2023-28021 was published Jul 18, 2023
Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27... High Unreviewed
CVE-2023-0525 was published Aug 4, 2023
An inadequate encryption strength vulnerability has been reported to affect QNAP operating... High Unreviewed
CVE-2023-34971 was published Aug 24, 2023
An issue was discovered in Stormshield SSL VPN Client before 3.2.0. If multiple address books are... Moderate Unreviewed
CVE-2022-46783 was published Aug 28, 2023
Vulnerability of 5G messages being sent without being encrypted in a VPN environment in the SMS... High Unreviewed
CVE-2023-41305 was published Sep 27, 2023
Dell Data Protection Central, version 19.9, contains an Inadequate Encryption Strength... High Unreviewed
CVE-2023-4129 was published Sep 27, 2023
Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure... Moderate Unreviewed
CVE-2023-43776 was published Oct 17, 2023
An issue discovered in IXP Data EasyInstall 6.6.14907.0 allows attackers to gain escalated... High Unreviewed
CVE-2023-30132 was published Oct 19, 2023
A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an... Moderate Unreviewed
CVE-2024-3387 was published Apr 10, 2024
Improper usage of symmetric encryption in UI Desktop for Windows (Version 0.59.1.71 and earlier)... Moderate Unreviewed
CVE-2023-28124 was published Apr 19, 2023
Marval MSM through 14.19.0.12476 uses a static encryption key for secrets. An attacker that gains... Moderate Unreviewed
CVE-2023-33283 was published Jun 7, 2023
Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability Moderate Unreviewed
CVE-2024-20692 was published Jan 9, 2024
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information... Moderate Unreviewed
CVE-2022-40745 was published Apr 19, 2024
Access to critical Unified Diagnostics Services (UDS) of the Modular Infotainment Platform 3 ... Low Unreviewed
CVE-2023-28896 was published Dec 1, 2023
SimpleSAMLphp Incorrect IV generation for encryption Moderate
CVE-2017-12871 was published for simplesamlphp/simplesamlphp (Composer) May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database