GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,703
NuGet
661
pip
3,329
Pub
11
RubyGems
884
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+
28 advisories
Filter by severity
Gorush uses deprecated TLS versions
Moderate
CVE-2024-41270
was published
for
github.com/appleboy/gorush
(Go)
Aug 6, 2024
Kwik does not discard unused encryption keys
Moderate
CVE-2024-22588
was published
for
tech.kwik:kwik
(Maven)
May 24, 2024
fuel/core Crypt encryption compromised.
Moderate
GHSA-fgrx-4637-fcf5
was published
for
fuel/core
(Composer)
May 15, 2024
asymmetricrypt/asymmetricrypt Padding Oracle Vulnerability in RSA Encryption
Moderate
GHSA-87mp-xc4x-x8rh
was published
for
asymmetricrypt/asymmetricrypt
(Composer)
May 15, 2024
PHP Censor uses a weak hashing algorithm for the remember me key
Moderate
CVE-2024-34914
was published
for
php-censor/php-censor
(Composer)
May 14, 2024
Withdrawn: JJWT improperly generates signing keys
Moderate
CVE-2024-31033
was published
for
io.jsonwebtoken:jjwt-impl
(Maven)
Apr 1, 2024
•
withdrawn
CL-Signatures Revocation Scheme in Ursa has flaws that allow a holder to demonstrate non-revocation of a revoked credential
Moderate
CVE-2024-21670
was published
for
anoncreds-clsignatures
(Rust)
Jan 16, 2024
Ursa CL-Signatures Revocation allows verifiers to generate unique identifiers for holders
Moderate
CVE-2024-22192
was published
for
anoncreds-clsignatures
(Rust)
Jan 16, 2024
Chosen Ciphertext Attack in Jose4j
Moderate
GHSA-jgvc-jfgh-rjvv
was published
for
org.bitbucket.b_c:jose4j
(Maven)
Apr 27, 2023
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()
Moderate
CVE-2022-23540
was published
for
jsonwebtoken
(npm)
Dec 22, 2022
SIF's Digital Signature Hash Algorithms Not Validated
Moderate
CVE-2022-39237
was published
for
github.com/sylabs/sif/v2
(Go)
Oct 6, 2022
Logic error in Matrix SDK for Android
Moderate
CVE-2021-40824
was published
for
org.matrix.android:matrix-android-sdk2
(Maven)
May 24, 2022
python-apt Flawed Package Integrity Check
Moderate
CVE-2019-15795
was published
for
python-apt
(pip)
May 24, 2022
Use of a Broken or Risky Cryptographic Algorithm in XWiki Crypto API
Moderate
CVE-2022-29161
was published
for
org.xwiki.platform:xwiki-platform-crypto
(Maven)
May 24, 2022
Incorrect MAC key used in the RC4-MD5 ciphersuite
Moderate
CVE-2022-1434
was published
for
openssl-src
(Rust)
May 4, 2022
Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J
Moderate
CVE-2011-2487
was published
for
org.apache.ws.security:wss4j
(Maven)
Apr 22, 2022
CBC padding oracle issue in AWS S3 Crypto SDK for golang
Moderate
CVE-2020-8911
was published
for
github.com/aws/aws-sdk-go
(Go)
Feb 11, 2022
Command Injection in Apache James
Moderate
CVE-2021-38542
was published
for
org.apache.james:james-server
(Maven)
Jan 8, 2022
Laravel Framework XSS in Blade templating engine
Moderate
CVE-2021-43808
was published
for
illuminate/view
(Composer)
Dec 8, 2021
Broken encryption in EdgeX Foundry
Moderate
CVE-2021-41278
was published
for
github.com/edgexfoundry/app-functions-sdk-go
(Go)
Nov 19, 2021
Rails Multisite secure/signed cookies share secrets between sites in a multi-site application
Moderate
CVE-2021-41263
was published
for
rails_multisite
(RubyGems)
Nov 15, 2021
matrix-js-sdk can be tricked into disclosing E2EE room keys to a participating homeserver
Moderate
CVE-2021-40823
was published
for
matrix-js-sdk
(npm)
Sep 14, 2021
Elliptic Uses a Broken or Risky Cryptographic Algorithm
Moderate
CVE-2020-28498
was published
for
elliptic
(npm)
Mar 8, 2021
Ciphertext Malleability Issue in Tink Java
Moderate
CVE-2020-8929
was published
for
com.google.crypto.tink:tink
(Maven)
Oct 16, 2020
Insecure Cryptography Algorithm in simple-crypto-js
Moderate
GHSA-5v7r-jg9r-vq44
was published
for
simple-crypto-js
(npm)
Sep 3, 2020
ProTip!
Advisories are also available from the
GraphQL API