Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
50
GitHub Actions
50
Go
3,673
Maven
5,000+
npm
5,000+
NuGet
932
pip
4,891
Pub
13
RubyGems
1,051
Rust
1,315
Swift
53
Unreviewed advisories
All unreviewed
5,000+

96 advisories

Loading
LiteLLM: Password hash exposure and pass-the-hash authentication bypass High
GHSA-69x8-hrgq-fjj8 was published for litellm (pip) Apr 8, 2026
Liferay Portal defaults to a low work factor for the default password hashing algorithm High
CVE-2024-25607 was published for com.liferay.portal:com.liferay.portal.kernel (Maven) Feb 20, 2024
ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40... Moderate Unreviewed
CVE-2008-1526 was published May 1, 2022
Knox Arkeia server 4.2, and possibly other versions, uses a constant salt when encrypting... High Unreviewed
CVE-2001-0967 was published Apr 30, 2022
PostgreSQL uses the username for a salt when generating passwords, which makes it easier for... Moderate Unreviewed
CVE-2002-1657 was published Apr 30, 2022
CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of the user name for the... High Unreviewed
CVE-2005-0408 was published May 1, 2022
BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local... Low Unreviewed
CVE-2006-1058 was published May 1, 2022
Flowise has Insufficient Password Salt Rounds Moderate
GHSA-x2g5-fvc2-gqvp was published for flowise (npm) Mar 5, 2026
kolega-ai-dev Credited to kolega-ai-dev
Bludit uses the SHA-1 hashing algorithm to compute password hashes. Thus, attackers could... Moderate Unreviewed
CVE-2024-24553 was published Jun 24, 2024
RiteCMS v3.1.0 was discovered to use insecure encryption to store passwords. Moderate Unreviewed
CVE-2025-67168 was published Dec 17, 2025
Insecure defaults in the Server Agent component of Fortra's Core Privileged Access Manager (BoKS)... Moderate Unreviewed
CVE-2025-13532 was published Dec 16, 2025
A high privileged remote attacker with admin privileges for the webUI can brute-force the "root"... Moderate Unreviewed
CVE-2025-41692 was published Dec 9, 2025
Use of password hash with insufficient computational effort issue exists in BUFFALO Wi-Fi router ... Moderate Unreviewed
CVE-2025-46413 was published Nov 7, 2025
A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been declared as... Low Unreviewed
CVE-2025-2349 was published Mar 17, 2025
Cogent DataHub before 7.3.5 does not use a salt during password hashing, which makes it easier... Moderate Unreviewed
CVE-2014-2354 was published May 17, 2022
NeuVector has an insecure password storage vulnerable to rainbow attack Moderate
CVE-2025-53884 was published for github.com/neuvector/neuvector (Go) Aug 28, 2025
Use of Password Hash With Insufficient Computational Effort vulnerability in percona percona... Moderate Unreviewed
CVE-2024-7701 was published Dec 15, 2024
Taylored webhook validation vulnerabilities Critical
GHSA-8g98-m4j9-qww5 was published for taylored (npm) Jun 18, 2025
Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara... High Unreviewed
CVE-2025-3937 was published May 22, 2025
A vulnerability in the users configuration file of ctrlX OS may allow a remote authenticated (low... Moderate Unreviewed
CVE-2025-24340 was published Apr 30, 2025
In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can... High Unreviewed
CVE-2022-47732 was published Jan 20, 2023
The password of a web user in "Sante PACS Server.exe" is zero-padded to 0x2000 bytes, SHA1-hashed... High Unreviewed
CVE-2025-2265 was published Mar 13, 2025
Flask-AppBuilder before v4.1.3 allows inference of sensitive information through query strings Low
CVE-2022-31177 was published for Flask-AppBuilder (pip) Jul 29, 2022
IBM Security Verify Governance 10.0.2 Identity Manager uses a one-way cryptographic hash... Moderate Unreviewed
CVE-2023-33838 was published Jan 29, 2025
AMI Megarac Weak password hashes for Redfish & API Moderate Unreviewed
CVE-2022-40258 was published Jan 31, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database