Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,703
NuGet
661
pip
3,328
Pub
11
RubyGems
884
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+

180 advisories

Loading
Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords. High Unreviewed
CVE-2012-5623 was published Apr 23, 2022
HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cryptographic Algorithm. High Unreviewed
CVE-2022-37177 was published Aug 30, 2022
Dell PowerScale OneFS 8.2.x through 9.6.0.x contains a use of a broken or risky cryptographic... High Unreviewed
CVE-2024-22463 was published Mar 4, 2024
Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm. High
CVE-2023-51838 was published for meshcentral (npm) Feb 2, 2024
Magento 2 Community Edition Cryptographic Flaw High
CVE-2019-7858 was published for magento/community-edition (Composer) May 24, 2022
Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation... High Unreviewed
CVE-2007-5460 was published May 1, 2022
The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 uses weak... High Unreviewed
CVE-2007-4150 was published May 1, 2022
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS High
CVE-2020-15098 was published for typo3/cms (Composer) Jul 29, 2020
ohader
Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J High
CVE-2015-0226 was published for org.apache.ws.security:wss4j (Maven) May 14, 2022
r3kumar
Sympa before 6.2.62 relies on a cookie parameter for certain security objectives, but does not... High Unreviewed
CVE-2021-46900 was published Dec 31, 2023
HCL DRYiCE MyXalytics is impacted by the use of a broken cryptographic algorithm for encryption,... High Unreviewed
CVE-2023-50350 was published Jan 3, 2024
free5GC udm vulnerable to Invalid Curve Attack High
CVE-2023-46324 was published for github.com/free5gc/udm (Go) Oct 23, 2023
In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt... High Unreviewed
CVE-2021-45450 was published Dec 22, 2021
jose4j uses weak cryptographic algorithm High
CVE-2023-31582 was published for org.bitbucket.b_c:jose4j (Maven) Oct 25, 2023
Incorrect implementation of the Streebog hash functions in streebog High
CVE-2019-25006 was published for streebog (Rust) Aug 25, 2021
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported... High Unreviewed
CVE-2021-2351 was published May 24, 2022
An insufficiently protected credentials issue was discovered in Intland codeBeamer ALM 10.x... High Unreviewed
CVE-2020-26515 was published May 24, 2022
golang.org/x/crypto/ssh Denial of service via crafted Signer High
CVE-2022-27191 was published for golang.org/x/crypto (Go) Mar 19, 2022
westonsteimel
The combination of various cryptographic issues in the session management of FortiMail 6.4.0... High Unreviewed
CVE-2021-26095 was published May 24, 2022
A vulnerability in the software cryptography module of the Cisco Adaptive Security Virtual... High Unreviewed
CVE-2019-1706 was published May 24, 2022
The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm that allows an attacker to... High Unreviewed
CVE-2021-46559 was published Jan 27, 2022
In NetBSD through 9.2, the IPv4 ID generation algorithm does not use appropriate cryptographic... High Unreviewed
CVE-2021-45487 was published Dec 26, 2021
In NetBSD through 9.2, there is an information leak in the TCP ISN (ISS) generation algorithm. High Unreviewed
CVE-2021-45488 was published Dec 26, 2021
LTI 1.3 Tool Library's function used to generate random nonces not sufficiently cryptographically complex before v5.0 High
CVE-2022-31157 was published for packbackbooks/lti-1-3-php-library (Composer) Jul 15, 2022
Reversible One-Way Hash in io.github.javaezlib:JavaEZ High
CVE-2022-29249 was published for io.github.javaezlib:JavaEZ (Maven) May 25, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database