Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

514 advisories

Loading
The affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure... Moderate Unreviewed
CVE-2023-36608 was published Jul 3, 2023
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused... Moderate Unreviewed
CVE-2023-35890 was published Jul 7, 2023
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM... High Unreviewed
CVE-2023-36749 was published Jul 11, 2023
there is a possible way to bypass cryptographic assurances due to a logic error in the code. This... High Unreviewed
CVE-2023-21399 was published Jul 13, 2023
SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to... Critical Unreviewed
CVE-2023-34130 was published Jul 13, 2023
IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than expected cryptographic algorithms that... High Unreviewed
CVE-2021-38933 was published Jul 19, 2023
SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and... Moderate Unreviewed
CVE-2023-37484 was published Aug 8, 2023
HCL DRYiCE MyCloud is affected by the use of a broken cryptographic algorithm. An attacker can... High Unreviewed
CVE-2023-23346 was published Aug 9, 2023
HCL DRYiCE iAutomate is affected by the use of a broken cryptographic algorithm. An attacker can... High Unreviewed
CVE-2023-23347 was published Aug 9, 2023
Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration... High Unreviewed
CVE-2023-4326 was published Aug 15, 2023
Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration... High Unreviewed
CVE-2023-4331 was published Aug 15, 2023
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys... Moderate Unreviewed
CVE-2023-4327 was published Aug 15, 2023
IBM AIX 7.2, 7.3, VIOS 3.1's OpenSSH implementation could allow a non-privileged local user to... Moderate Unreviewed
CVE-2023-40371 was published Aug 24, 2023
IBM Storage Copy Data Management 2.2.0.0 through 2.2.19.0 uses weaker than expected cryptographic... High Unreviewed
CVE-2023-38730 was published Aug 28, 2023
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of... Critical Unreviewed
CVE-2023-34039 was published Aug 29, 2023
Vault Key Sealed With SHA1 PCRs The measured boot solution implemented in EVE OS leans on... High Unreviewed
CVE-2023-43635 was published Sep 20, 2023
Dell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability. A... Moderate Unreviewed
CVE-2023-39252 was published Sep 21, 2023
A Cryptographic Issue vulnerability has been found on IBERMATICA RPS, affecting version 2019. By... High Unreviewed
CVE-2023-3350 was published Oct 3, 2023
IBM Security Directory Suite 8.0.1 uses weaker than expected cryptographic algorithms that could... High Unreviewed
CVE-2022-33160 was published Oct 7, 2023
IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an... High Unreviewed
CVE-2023-30994 was published Oct 14, 2023
free5GC udm vulnerable to Invalid Curve Attack High
CVE-2023-46324 was published for github.com/free5gc/udm (Go) Oct 23, 2023
jose4j uses weak cryptographic algorithm High
CVE-2023-31582 was published for org.bitbucket.b_c:jose4j (Maven) Oct 25, 2023
crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard Critical
CVE-2023-46133 was published for crypto-es (npm) Oct 25, 2023
Zemnmez
crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard Critical
CVE-2023-46233 was published for crypto-js (npm) Oct 25, 2023
Zemnmez nzgeek
A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is... Moderate Unreviewed
CVE-2023-40660 was published Nov 6, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database