GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
192 advisories
Apache Tomcat - XSS in generated JSPs
Moderate | CVE-2024-52318 was published for org.apache.tomcat:tomcat-jasper (Maven) | Nov 18, 2024

Apache Tomcat Request and/or response mix-up
Moderate | CVE-2024-52317 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) | Nov 18, 2024

Snowflake JDBC Security Advisory
Moderate | CVE-2024-43382 was published for net.snowflake:snowflake-jdbc (Maven) | Oct 30, 2024

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800,...
Moderate | Unreviewed | CVE-2024-45259 was published | Oct 24, 2024

Apache Answer: Avatar URL leaked user email addresses
Moderate | CVE-2024-40761 was published for github.com/apache/incubator-answer (Go) | Sep 25, 2024

A vulnerability has been identified in Location Intelligence family (All versions < V4.4). The...
Moderate | Unreviewed | CVE-2024-41681 was published | Aug 13, 2024

The encryption strength of the authorization keys in CHANGING Information Technology TCBServiSign...
Moderate | Unreviewed | CVE-2024-40719 was published | Aug 2, 2024

An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 before 7.6.1. It does not...
Moderate | Unreviewed | CVE-2024-37034 was published | Jul 27, 2024

Moodle uses the same key for QR login and auto-login
Moderate | CVE-2024-38277 was published for moodle/moodle (Composer) | Jun 18, 2024

ColdFusion versions 2023u7, 2021u13 and earlier are affected by a Weak Cryptography for Passwords...
Moderate | Unreviewed | CVE-2024-34113 was published | Jun 13, 2024

Weak encryption in Ninja Core
Moderate | CVE-2024-36823 was published for org.ninjaframework:ninja-core (Maven) | Jun 7, 2024

IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information...
Moderate | Unreviewed | CVE-2022-40745 was published | Apr 19, 2024

Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not...
Moderate | Unreviewed | CVE-2024-29951 was published | Apr 17, 2024

A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an...
Moderate | Unreviewed | CVE-2024-3387 was published | Apr 10, 2024

An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When an SSL context was reset with the...
Moderate | Unreviewed | CVE-2024-28755 was published | Apr 3, 2024

IBM Security Verify Directory 10.0.0 uses weaker than expected cryptographic algorithms that...
Moderate | Unreviewed | CVE-2022-32753 was published | Mar 22, 2024

An issue in AIT-Deutschland Alpha Innotec Heatpumps wp2reg-V.3.88.0-9015 and Novelan Heatpumps...
Moderate | Unreviewed | CVE-2024-22894 was published | Jan 30, 2024

Lantronix XPort sends weakly encoded credentials within web request headers.
Moderate | Unreviewed | CVE-2023-7237 was published | Jan 24, 2024

Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
Moderate | Unreviewed | CVE-2024-20692 was published | Jan 9, 2024

Weak encryption mechanisms in RFID Tags in Yale Conexis L1 v1.1.0 allows attackers to create a...
Moderate | Unreviewed | CVE-2023-26941 was published | Dec 5, 2023

Weak encryption mechanisms in RFID Tags in Yale IA-210 Alarm v1.0 allows attackers to create a...
Moderate | Unreviewed | CVE-2023-26942 was published | Dec 5, 2023

Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allows attackers to create a...
Moderate | Unreviewed | CVE-2023-26943 was published | Dec 5, 2023

An issue discovered in Acer Wireless Keyboard SK-9662 allows attacker in physical proximity to...
Moderate | Unreviewed | CVE-2023-48034 was published | Nov 27, 2023

Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and...
Moderate | Unreviewed | CVE-2023-43757 was published | Nov 16, 2023

The leakage of channel access token in DRAGON FAMILY Line 13.6.1 allows remote attackers to send...
Moderate | Unreviewed | CVE-2023-47373 was published | Nov 9, 2023