GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
54 advisories
Plonky3: The sponge construction used to get a hash function from a cryptographic permutation is not collision resistant for inputs of different lengths
Low. GHSA-3g92-f9ch-qjcm was published for p3-symmetric (Rust) on Apr 16, 2026.

Poseidon V1 variable-length input collision via implicit zero-padding
High. CVE-2026-32129 was published for soroban-poseidon (Rust) on Mar 13, 2026.

An unauthenticated attacker can abuse the weak hash of the backup generated by the wwwdnload.cgi...
Moderate (Unreviewed). CVE-2025-41762 was published on Mar 9, 2026.

Flowise has Insufficient Password Salt Rounds
Moderate. GHSA-x2g5-fvc2-gqvp was published for flowise (npm) on Mar 5, 2026.

@keep-network/tbtc-v2 revealing P2PKH deposit with a wrapped P2SH script
High. GHSA-8986-v76q-8vr2 was published for @keep-network/tbtc-v2 (npm) on Mar 2, 2026.

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 use the cryptographically broken MD5...
Moderate (Unreviewed). CVE-2026-27754 was published on Feb 27, 2026.

OpenClaw replaced a deprecated sandbox hash algorithm
High. CVE-2026-28479 was published for openclaw (npm) on Feb 19, 2026.

EVE Seals Vault Key With SHA1 PCRs
Moderate. CVE-2023-43635 was published for github.com/lf-edge/eve (Go) on Feb 4, 2026.

EVE Doesn't Measure Config Partition From 2 Fronts
Moderate. CVE-2023-43630 was published for github.com/lf-edge/eve (Go) on Feb 4, 2026.

DragonFly has weak integrity checks for downloaded files
Moderate. CVE-2025-59354 was published for d7y.io/dragonfly/v2 (Go) on Sep 17, 2025.

Mattermost makes Use of Weak Hash
Moderate. CVE-2025-9078 was published for github.com/mattermost/mattermost-server (Go) on Sep 15, 2025.

In JetBrains TeamCity before 2025.07 password reset and email verification tokens were using weak...
Moderate (Unreviewed). CVE-2025-54535 was published on Jul 28, 2025.

Cyberduck and Mountain Duck improper handle TLS certificate pinning for untrusted certificates (e...
High (Unreviewed). CVE-2025-41256 was published on Jun 26, 2025.

The application uses a weak password hash function, allowing an attacker to crack the weak...
Moderate (Unreviewed). CVE-2025-49197 was published on Jun 12, 2025.

Due to outdated Hash algorithm, HCL Glovius Cloud could allow attackers to guess the input data...
Moderate (Unreviewed). CVE-2024-23589 was published on May 30, 2025.

The TeleMessage service through 2025-05-05 relies on MD5 for password hashing, which opens up...
Low (Unreviewed). CVE-2025-48931 was published on May 28, 2025.

IBM Sterling Secure Proxy 6.0.0.0 through 6.0.3.1, 6.1.0.0 through 6.1.0.0, and 6.2.0.0 through 6...
Moderate (Unreviewed). CVE-2024-38341 was published on May 28, 2025.

The devices are vulnerable to an authentication bypass due to flaws in the authorization...
Critical (Unreviewed). CVE-2025-41652 was published on May 27, 2025.

pnpm uses the md5 path shortening function causes packet paths to coincide, which causes indirect packet overwriting
Moderate. CVE-2024-47829 was published for pnpm (npm) on Apr 23, 2025.

A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4...
Moderate (Unreviewed). CVE-2025-3576 was published on Apr 15, 2025.

Jujutsu does not have SHA-1 collision detection
Moderate. GHSA-794x-2rpg-rfgr was published for jj-cli (Rust) on Apr 7, 2025.

gitoxide does not detect SHA-1 collision attacks
Moderate. CVE-2025-31130 was published for gitoxide (Rust) on Apr 4, 2025.

SageMaker Workflow component allows possibility of MD5 hash collisions
Moderate. CVE-2025-0508 was published for sagemaker (pip) on Mar 20, 2025.

The device uses a weak hashing algorithm to create the password hash. Hence, a matching password...
Critical (Unreviewed). CVE-2025-27595 was published on Mar 14, 2025.