Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

46 advisories

Loading
An unauthenticated remote attacker could exploit the used, insecure TLS 1.0 and TLS 1.1 protocols... Critical Unreviewed
CVE-2025-3200 was published Apr 28, 2025
Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute... Critical Unreviewed
CVE-2014-8687 was published May 17, 2022
ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which... Critical Unreviewed
CVE-2016-6602 was published May 14, 2022
python-jose algorithm confusion with OpenSSH ECDSA keys Critical
CVE-2024-33663 was published for python-jose (pip) Apr 26, 2024
Due to reliance on a trivial substitution cipher, sent in cleartext, and the reliance on a... Critical Unreviewed
CVE-2022-3365 was published Jan 28, 2025
HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs... Critical Unreviewed
CVE-2022-36937 was published May 10, 2023
Silver vulnerable to MitM attack against implants due to a cryptography vulnerability Critical
CVE-2023-34758 was published for github.com/bishopfox/sliver (Go) Jun 21, 2023
There is a possible escalation of privilege due to improperly used crypto. This could lead to... Critical Unreviewed
CVE-2024-32911 was published Jun 13, 2024
Use of a Broken or Risky Cryptographic Algorithm vulnerability in B&R Industrial Automation... Critical Unreviewed
CVE-2024-0323 was published Feb 5, 2024
ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache Critical
CVE-2024-31989 was published for github.com/argoproj/argo-cd (Go) May 21, 2024
oreenlivnicode leoluz
crenshaw-dev mkilchhofer todaywasawesome pasha-codefresh
Collision of hash values in github.com/bnb-chain/tss-lib Critical
CVE-2022-47931 was published for github.com/bnb-chain/tss-lib (Go) Dec 23, 2022
SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to... Critical Unreviewed
CVE-2023-34130 was published Jul 13, 2023
** DISPUTED ** An issue was discovered in SMA Solar Technology products. The inverters make use... Critical Unreviewed
CVE-2017-9859 was published May 13, 2022
The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three... Critical Unreviewed
CVE-2022-30273 was published Jul 27, 2022
DeviceFarmer stf uses DES-ECB Critical
CVE-2023-51839 was published for @devicefarmer/stf (npm) Jan 29, 2024
crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard Critical
CVE-2023-46233 was published for crypto-js (npm) Oct 25, 2023
Zemnmez nzgeek
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of... Critical Unreviewed
CVE-2023-34039 was published Aug 29, 2023
bsock uses weak hashing algorithms Critical
CVE-2023-50475 was published for bsock (npm) Dec 21, 2023
crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard Critical
CVE-2023-46133 was published for crypto-es (npm) Oct 25, 2023
Zemnmez
Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by... Critical Unreviewed
CVE-2022-45141 was published Mar 7, 2023
Incorrect hash in sha2 Critical
CVE-2021-45696 was published for sha2 (Rust) Jan 6, 2022
An issue was discovered in the Oauth extension for MediaWiki through 1.35.2.... Critical Unreviewed
CVE-2021-31556 was published May 24, 2022
A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via VerificationController.php. Critical Unreviewed
CVE-2021-42216 was published Dec 16, 2021
Nablarch Incomplete Cryptography Critical
CVE-2019-5919 was published for com.nablarch.framework:nablarch-fw-web (Maven) May 13, 2022
chupaaaaaaan
Algorithms compute incorrect results in blake2 Critical
CVE-2019-16143 was published for blake2 (Rust) Aug 25, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database