Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

462 advisories

Loading
In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode High
CVE-2016-1000352 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
AndrzejBiernacki2010
The Clorius Controls Java web client before 01.00.0009g allows remote attackers to discover... Moderate Unreviewed
CVE-2014-9199 was published May 17, 2022
Inadequate encryption strength issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0... High Unreviewed
CVE-2025-46409 was published Aug 28, 2025
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 uses weaker than expected cryptographic... High Unreviewed
CVE-2019-4160 was published May 24, 2022
ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective... Critical Unreviewed
CVE-2025-45765 was published Aug 7, 2025
A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions < V5.6.0), RUGGEDCOM ROS... Moderate Unreviewed
CVE-2021-37209 was published Mar 9, 2022
jsrsasign v11.1.0 was discovered to contain weak encryption. High Unreviewed
CVE-2025-45764 was published Aug 6, 2025
jwt v5.4.3 was discovered to contain weak encryption. High Unreviewed
CVE-2025-45770 was published Jul 31, 2025
php-jwt v6.11.0 was discovered to contain weak encryption. High Unreviewed
CVE-2025-45769 was published Jul 31, 2025
A weak hashing algorithm and small sizes of seeds/secrets in Google's gVisor allowed for a remote... Moderate Unreviewed
CVE-2024-10026 was published Jan 30, 2025
IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to view and... Moderate Unreviewed
CVE-2025-36106 was published Jul 21, 2025
A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected... Moderate Unreviewed
CVE-2025-7789 was published Jul 18, 2025
Brocade ASCG before 3.3.0 allows for the use of medium strength cryptography algorithms on... High Unreviewed
CVE-2025-7398 was published Jul 18, 2025
Apache Answer: Avatar URL leaked user email addresses Moderate
CVE-2024-40761 was published for github.com/apache/incubator-answer (Go) Sep 25, 2024
oscerd
Cryptographic issues in Windows Cryptographic Services allows an unauthorized attacker to... Moderate Unreviewed
CVE-2025-48823 was published Jul 8, 2025
IBM Sterling Secure Proxy 6.0.0.0 through 6.0.3.1, 6.1.0.0 through 6.1.0.0, and 6.2.0.0 through 6... Moderate Unreviewed
CVE-2024-38341 was published May 28, 2025
A vulnerability classified as problematic was found in calmkart Django-sso-server up to... Moderate Unreviewed
CVE-2025-4894 was published May 18, 2025
Weak server key used for TLS encryption. The following products are affected: Acronis Cyber... Moderate Unreviewed
CVE-2025-48960 was published Jun 4, 2025
An issue was discovered in Unicom Focal Point 7.6.1. The database is encrypted with a hardcoded... Moderate Unreviewed
CVE-2025-43925 was published Jun 3, 2025
The component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a... Critical Unreviewed
CVE-2021-42949 was published Sep 17, 2022
Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers High
CVE-2024-23656 was published for github.com/dexidp/dex (Go) Jan 26, 2024
tuminoid
Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform ... High Unreviewed
CVE-2019-13539 was published May 24, 2022
Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability High
CVE-2024-39928 was published for org.apache.linkis:linkis-engineplugin-spark (Maven) Sep 25, 2024
oscerd
Weak encryption vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on... Moderate Unreviewed
CVE-2025-27524 was published May 15, 2025
Inadequate encryption strength for some Edge Orchestrator software for Intel(R) Tiber™ Edge... Moderate Unreviewed
CVE-2025-22446 was published May 13, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database