Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,504
Maven
5,000+
npm
4,149
NuGet
735
pip
3,949
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

462 advisories

Loading
Weak encryption algorithm in Easy-RSA version 3.0.5 through 3.1.7 allows a local attacker to more... Moderate Unreviewed
CVE-2024-13454 was published Jan 20, 2025
Inadequate Encryption Strength Critical
CVE-2017-1000486 was published for org.primefaces:primefaces (Maven) Jun 3, 2021
In multiple places of AccessibilityService, there is a possible way to hide the app from the user... High Unreviewed
CVE-2023-21109 was published May 16, 2023
Apache Tomcat Request and/or response mix-up Moderate
CVE-2024-52317 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Nov 18, 2024
Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard... High Unreviewed
CVE-2023-30351 was published May 10, 2023
Apache Tomcat - XSS in generated JSPs Moderate
CVE-2024-52318 was published for org.apache.tomcat:tomcat-jasper (Maven) Nov 18, 2024
Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not... Moderate Unreviewed
CVE-2024-29951 was published Apr 17, 2024
When a Brocade SANnav installation is upgraded from Brocade SANnav v2.2.2 to Brocade SANnav 2.3.0... High Unreviewed
CVE-2024-29969 was published Apr 19, 2024
The class FileTransfer implemented in Brocade SANnav before v2.3.1, v2.3.0a, uses the ssh-rsa... High Unreviewed
CVE-2024-29950 was published Apr 17, 2024
Electra Central AC unit – The unit opens an AP with an easily calculated password. Moderate Unreviewed
CVE-2023-24502 was published Jul 6, 2023
A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC... High Unreviewed
CVE-2024-54089 was published Feb 11, 2025
Jenkins Subversion Plugin Stores Credentials with Base64 Encoding Moderate
CVE-2013-6372 was published for org.jenkins-ci.plugins:subversion (Maven) May 17, 2022
A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been declared as... Low Unreviewed
CVE-2025-2349 was published Mar 17, 2025
Driver Distributor v2.2.3.1 and earlier contains a vulnerability where passwords are stored in a... High Unreviewed
CVE-2022-43460 was published Feb 13, 2023
In the ownCloud application before 2.15 for Android, the lock protection mechanism can be... Moderate Unreviewed
CVE-2020-36250 was published May 24, 2022
IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could... Moderate Unreviewed
CVE-2022-43922 was published Feb 1, 2023
The use of a weak cryptographic key pair in the signature verification process in WPS Office ... Critical Unreviewed
CVE-2025-2516 was published Mar 27, 2025
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet... Moderate Unreviewed
CVE-2011-3389 was published May 13, 2022
lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier... High Unreviewed
CVE-2013-4508 was published May 13, 2022
Certain General Electric Renewable Energy products have inadequate encryption strength. This... Critical Unreviewed
CVE-2022-24116 was published Dec 26, 2022
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict... High Unreviewed
CVE-2014-0224 was published May 13, 2022
SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to... Moderate Unreviewed
CVE-2005-4900 was published May 1, 2022
When viewing an email message A, which contains an attached message B, where B is encrypted or... Moderate Unreviewed
CVE-2022-1520 was published Dec 22, 2022
HCL MyXalytics is affected by SSL∕TLS Protocol affected with BREACH & LUCKY13 vulnerabilities.... Low Unreviewed
CVE-2024-42177 was published Apr 17, 2025
The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may... High Unreviewed
CVE-2020-14481 was published Feb 25, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database