Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

36 advisories

Loading
Dell PowerScale OneFS 8.1.0 - 9.1.0 contains an LDAP Provider inability to connect over TLSv1.2... Critical Unreviewed
CVE-2020-26197 was published May 24, 2022
In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic... Critical Unreviewed
CVE-2021-27200 was published May 24, 2022
A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4... Critical Unreviewed
CVE-2021-24020 was published May 24, 2022
PGP/MIME encrypted messages injected into a Vaultive O365 (before 4.5.21) frontend via IMAP or... Critical Unreviewed
CVE-2017-7229 was published May 17, 2022
AT91bootstrap before 3.9.2 does not properly wipe encryption and authentication keys from memory... Critical Unreviewed
CVE-2020-11684 was published May 24, 2022
Zoho ManageEngine Application Control Plus before 100523 has an insecure SSL configuration... Critical Unreviewed
CVE-2020-29658 was published May 24, 2022
Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX... Critical Unreviewed
CVE-2021-21507 was published May 24, 2022
Hytec Inter HWL-2511-SS v1.05 and below implements a SHA512crypt hash for the root account which... Critical Unreviewed
CVE-2022-36555 was published Aug 30, 2022
Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170... Critical Unreviewed
CVE-2016-5804 was published May 13, 2022
Airsonic 10.2.1 uses Spring's default remember-me mechanism based on MD5, with a fixed key of... Critical Unreviewed
CVE-2019-10907 was published May 13, 2022
A vulnerability in the identity management service of Cisco Digital Network Architecture (DNA)... Critical Unreviewed
CVE-2018-0448 was published May 13, 2022
Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in... Critical Unreviewed
CVE-2017-16726 was published May 13, 2022
Apache OpenMeetings has Inadequate Encryption Strength Critical
CVE-2017-7673 was published for org.apache.openmeetings:openmeetings-parent (Maven) May 13, 2022
Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum,... Critical Unreviewed
CVE-2018-7242 was published May 14, 2022
Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version ... Critical Unreviewed
CVE-2018-15124 was published May 14, 2022
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to... Critical Unreviewed
CVE-2017-14090 was published May 14, 2022
In all Qualcomm products with Android releases from CAF using the Linux kernel, a rollback... Critical Unreviewed
CVE-2014-9975 was published May 17, 2022
In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure... Critical Unreviewed
CVE-2015-0575 was published May 17, 2022
Elliptic Curve Key Disclosure in go-jose Critical
CVE-2016-9121 was published for github.com/square/go-jose (Go) Jun 23, 2021
Dolibarr ERP and CRM Insecure Encryption Critical
CVE-2017-7888 was published for dolibarr/dolibarr (Composer) May 17, 2022
Certain NETGEAR devices are affected by weak cryptography. This affects D7000v2 before 1.0.0.62,... Critical Unreviewed
CVE-2021-45512 was published Dec 27, 2021
Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by... Critical Unreviewed
CVE-2022-45141 was published Mar 7, 2023
Session data between cluster nodes during cluster synchronization is not properly encrypted in... Critical Unreviewed
CVE-2018-20810 was published May 24, 2022
The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always... Critical Unreviewed
CVE-2011-4121 was published Apr 22, 2022
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2... Critical Unreviewed
CVE-2017-11317 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database