Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

41 advisories

Loading
There is a possible escalation of privilege due to improperly used crypto. This could lead to... Critical Unreviewed
CVE-2024-32911 was published Jun 13, 2024
Use of a Broken or Risky Cryptographic Algorithm vulnerability in B&R Industrial Automation... Critical Unreviewed
CVE-2024-0323 was published Feb 5, 2024
ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache Critical
CVE-2024-31989 was published for github.com/argoproj/argo-cd (Go) May 21, 2024
oreenlivnicode leoluz
crenshaw-dev mkilchhofer todaywasawesome pasha-codefresh
Collision of hash values in github.com/bnb-chain/tss-lib Critical
CVE-2022-47931 was published for github.com/bnb-chain/tss-lib (Go) Dec 23, 2022
SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to... Critical Unreviewed
CVE-2023-34130 was published Jul 13, 2023
** DISPUTED ** An issue was discovered in SMA Solar Technology products. The inverters make use... Critical Unreviewed
CVE-2017-9859 was published May 13, 2022
The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three... Critical Unreviewed
CVE-2022-30273 was published Jul 27, 2022
DeviceFarmer stf uses DES-ECB Critical
CVE-2023-51839 was published for @devicefarmer/stf (npm) Jan 29, 2024
crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard Critical
CVE-2023-46233 was published for crypto-js (npm) Oct 25, 2023
Zemnmez nzgeek
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of... Critical Unreviewed
CVE-2023-34039 was published Aug 29, 2023
bsock uses weak hashing algorithms Critical
CVE-2023-50475 was published for bsock (npm) Dec 21, 2023
crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard Critical
CVE-2023-46133 was published for crypto-es (npm) Oct 25, 2023
Zemnmez
Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by... Critical Unreviewed
CVE-2022-45141 was published Mar 7, 2023
Incorrect hash in sha2 Critical
CVE-2021-45696 was published for sha2 (Rust) Jan 6, 2022
An issue was discovered in the Oauth extension for MediaWiki through 1.35.2.... Critical Unreviewed
CVE-2021-31556 was published May 24, 2022
A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via VerificationController.php. Critical Unreviewed
CVE-2021-42216 was published Dec 16, 2021
Nablarch Incomplete Cryptography Critical
CVE-2019-5919 was published for com.nablarch.framework:nablarch-fw-web (Maven) May 13, 2022
chupaaaaaaan
Algorithms compute incorrect results in blake2 Critical
CVE-2019-16143 was published for blake2 (Rust) Aug 25, 2021
In all Qualcomm products with Android releases from CAF using the Linux kernel, the GPS client... Critical Unreviewed
CVE-2014-9969 was published May 17, 2022
The SSL/TLS configuration of Fresenius Kabi Agilia Link + version 3.0 has serious deficiencies... Critical Unreviewed
CVE-2021-31562 was published Jan 22, 2022
Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded... Critical Unreviewed
CVE-2017-17717 was published May 14, 2022
An issue was discovered in Valve Steam Link build 643. Root passwords longer than 8 characters... Critical Unreviewed
CVE-2017-17878 was published May 14, 2022
ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which... Critical Unreviewed
CVE-2016-6602 was published May 14, 2022
VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server... Critical Unreviewed
CVE-2017-4917 was published May 13, 2022
Amazon Ring Doorbell before 3.4.7 mishandles encryption, which allows attackers to obtain audio... Critical Unreviewed
CVE-2019-9483 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database