GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
462 advisories
IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure...
Severity: High | Unreviewed | CVE-2017-1319 was published May 17, 2022

PGP/MIME encrypted messages injected into a Vaultive O365 (before 4.5.21) frontend via IMAP or...
Severity: Critical | Unreviewed | CVE-2017-7229 was published May 17, 2022

IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than...
Severity: High | Unreviewed | CVE-2022-22464 was published Jul 9, 2022

IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that...
Severity: Moderate | Unreviewed | CVE-2017-1179 was published May 17, 2022

An issue was discovered in certain Apple products. Pages before 6.1, Numbers before 4.1, and...
Severity: Moderate | Unreviewed | CVE-2017-2391 was published May 17, 2022

IBM Tivoli Endpoint Manager uses weaker than expected cryptographic algorithms that could allow...
Severity: High | Unreviewed | CVE-2017-1224 was published May 17, 2022

SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses encryption method...
Severity: Moderate | Unreviewed | CVE-2022-41209 was published Oct 12, 2022

Inadequate encryption strength for some Intel(R) PROSet/Wireless WiFi products may allow an...
Severity: High | Unreviewed | CVE-2022-21139 was published Aug 19, 2022

In RIOT-OS 2021.01, nonce reuse in 802.15.4 encryption in the ieee820154_security component...
Severity: Moderate | Unreviewed | CVE-2021-41061 was published May 24, 2022

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer....
Severity: High | Unreviewed | CVE-2021-27457 was published May 24, 2022

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash...
Severity: High | Unreviewed | CVE-2021-38979 was published May 24, 2022

The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1...
Severity: Moderate | Unreviewed | CVE-2021-31798 was published May 24, 2022

IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA uses weaker than expected...
Severity: High | Unreviewed | CVE-2021-20337 was published May 24, 2022

In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted...
Severity: Moderate | Unreviewed | CVE-2021-37546 was published May 24, 2022

Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the application's build number...
Severity: High | Unreviewed | CVE-2021-41829 was published May 24, 2022

An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may...
Severity: High | Unreviewed | CVE-2021-31796 was published May 24, 2022

All versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric PLCs and XG5000 PLC programming...
Severity: Moderate | Unreviewed | CVE-2022-2758 was published Sep 1, 2022

"HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the...
Severity: Low | Unreviewed | CVE-2020-14263 was published May 24, 2022

IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 uses an insecure SSH server configuration which...
Severity: High | Unreviewed | CVE-2021-29794 was published May 24, 2022

In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256.
Severity: Moderate | Unreviewed | CVE-2021-37551 was published May 24, 2022

In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data.
Severity: Moderate | Unreviewed | CVE-2021-37587 was published May 24, 2022

A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4...
Severity: Critical | Unreviewed | CVE-2021-24020 was published May 24, 2022

IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow...
Severity: High | Unreviewed | CVE-2020-4965 was published May 24, 2022

Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks.
Severity: High | Unreviewed | CVE-2021-28213 was published May 24, 2022

In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic...
Severity: Critical | Unreviewed | CVE-2021-27200 was published May 24, 2022