Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,147
NuGet
735
pip
3,948
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

52 advisories

Loading
Use of a Broken or Risky Cryptographic Algorithm in XWiki Crypto API Moderate
CVE-2022-29161 was published for org.xwiki.platform:xwiki-platform-crypto (Maven) May 24, 2022
Beaker Sensitive Information Disclosure vulnerability Moderate
CVE-2012-3458 was published for beaker (pip) May 17, 2022
Python Keyring does not securely initialize encryption cipher High
CVE-2012-4571 was published for keyring (pip) May 17, 2022
Jenkins Subversion Plugin Stores Credentials with Base64 Encoding Moderate
CVE-2013-6372 was published for org.jenkins-ci.plugins:subversion (Maven) May 17, 2022
Dolibarr ERP and CRM Insecure Encryption Critical
CVE-2017-7888 was published for dolibarr/dolibarr (Composer) May 17, 2022
SimpleSAMLphp Incorrect IV generation for encryption Moderate
CVE-2017-12871 was published for simplesamlphp/simplesamlphp (Composer) May 17, 2022
Weak Cryptography in PHP-Proxy High
CVE-2018-19784 was published for athlon1600/php-proxy (Composer) May 13, 2022
Apache OpenMeetings has Inadequate Encryption Strength Critical
CVE-2017-7673 was published for org.apache.openmeetings:openmeetings-parent (Maven) May 13, 2022
Inadequate Encryption Strength in Jenkins Moderate
CVE-2017-2598 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Apache Wicket insecure defaults High
CVE-2014-7808 was published for org.apache.wicket:wicket-core (Maven) May 13, 2022
Inadequate Encryption Strength in Apache CXF Moderate
CVE-2012-5575 was published for org.apache.cxf:cxf-rt-transports-http (Maven) May 13, 2022
TYPO3 is vulnerable to insecure randomness during hash generation in forgot password function Moderate
CVE-2010-3670 was published for typo3/cms-frontend (Composer) Apr 21, 2022
Discoverability of user password hash in Statamic CMS Low
CVE-2022-24784 was published for statamic/cms (Composer) Mar 29, 2022
Use of Hard-coded Credentials in Apache Kylin High
CVE-2021-45458 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
Hash collision in typelevel jawn Moderate
CVE-2022-21653 was published for org.typelevel:jawn-parser (Maven) Jan 6, 2022
nrktkt
Improper hashing in enrocrypt High
CVE-2021-39182 was published for enrocrypt (pip) Nov 10, 2021
Inadequate Encryption Strength in python-keystoneclient Critical
CVE-2013-2166 was published for python-keystoneclient (pip) Oct 12, 2021
Inadequate Encryption Strength in showdoc Moderate
CVE-2021-3680 was published for showdoc/showdoc (Composer) Sep 1, 2021
Elliptic Curve Key Disclosure in go-jose Critical
CVE-2016-9121 was published for github.com/square/go-jose (Go) Jun 23, 2021
Inadequate Encryption Strength Critical
CVE-2017-1000486 was published for org.primefaces:primefaces (Maven) Jun 3, 2021
RSA weakness in tslite-ng High
CVE-2020-26263 was published for tlslite-ng (pip) Dec 21, 2020
tomato42
CLI does not correctly implement strict mode Low
GHSA-2xwp-m7mq-7q3r was published for aws-encryption-sdk-cli (pip) Oct 28, 2020
Inadequate Encryption Strength in DotNetNuke High
CVE-2018-15811 was published for DotNetNuke.Core (NuGet) Jul 5, 2019
Inadequate Encryption Strength in DotNetNuke High
CVE-2018-18325 was published for DotNetNuke.Core (NuGet) Jul 5, 2019
In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode High
CVE-2016-1000352 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
AndrzejBiernacki2010
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database