Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,128
NuGet
735
pip
3,944
Pub
12
RubyGems
945
Rust
1,024
Swift
39
Unreviewed advisories
All unreviewed
5,000+

514 advisories

Loading
"managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used... Moderate Unreviewed
CVE-2018-5745 was published May 24, 2022
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 uses weaker than expected... High Unreviewed
CVE-2019-4399 was published May 24, 2022
The Wireless Emergency Alerts (WEA) protocol allows remote attackers to spoof a Presidential... Moderate Unreviewed
CVE-2019-18659 was published May 24, 2022
wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, leading to fault injection in... High Unreviewed
CVE-2019-19962 was published May 24, 2022
The HTTP Authentication library before 2019-12-27 for Nim has weak password hashing because the... High Unreviewed
CVE-2019-20138 was published May 24, 2022
A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy... High Unreviewed
CVE-2020-7514 was published May 24, 2022
In versions 14.1.0-14.1.0.1 and 14.1.2.5-14.1.2.7, when a BIG-IP object is created or listed... Moderate Unreviewed
CVE-2020-5943 was published May 24, 2022
A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support... Moderate Unreviewed
CVE-2022-40722 was published Apr 25, 2023
IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1.02, 6.2.0.00 through 6.2.2... High Unreviewed
CVE-2023-27557 was published Apr 28, 2023
IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11... High Unreviewed
CVE-2023-30441 was published Apr 29, 2023
A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2... High Unreviewed
CVE-2022-45858 was published May 4, 2023
IBM QRadar Data Synchronization App 1.0 through 3.0.1 uses weaker than expected cryptographic... High Unreviewed
CVE-2022-22313 was published May 6, 2023
CloudLink 7.1.2 and all prior versions contain a broken or risky cryptographic algorithm... High Unreviewed
CVE-2023-28076 was published May 16, 2023
Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade... Moderate Unreviewed
CVE-2023-28043 was published Jun 1, 2023
A use of a broken or risky cryptographic algorithm [CWE-327] in Fortinet FortiSIEM before 6.7.1... High Unreviewed
CVE-2022-43949 was published Jun 13, 2023
In btm_sec_encrypt_change of btm_sec.cc, there is a possible way to downgrade the link key type... High Unreviewed
CVE-2023-21115 was published Jun 15, 2023
The OSD Bare Metal Server uses a cryptographic algorithm that is no longer considered... High Unreviewed
CVE-2023-28006 was published Jun 23, 2023
The affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure... Moderate Unreviewed
CVE-2023-36608 was published Jul 3, 2023
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused... Moderate Unreviewed
CVE-2023-35890 was published Jul 7, 2023
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM... High Unreviewed
CVE-2023-36749 was published Jul 11, 2023
there is a possible way to bypass cryptographic assurances due to a logic error in the code. This... High Unreviewed
CVE-2023-21399 was published Jul 13, 2023
SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to... Critical Unreviewed
CVE-2023-34130 was published Jul 13, 2023
IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than expected cryptographic algorithms that... High Unreviewed
CVE-2021-38933 was published Jul 19, 2023
HCL DRYiCE MyCloud is affected by the use of a broken cryptographic algorithm. An attacker can... High Unreviewed
CVE-2023-23346 was published Aug 9, 2023
HCL DRYiCE iAutomate is affected by the use of a broken cryptographic algorithm. An attacker can... High Unreviewed
CVE-2023-23347 was published Aug 9, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database