GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
432 advisories
neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in...
Moderate | Unreviewed | CVE-2009-2474 was published May 2, 2022

libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the configuration specifies the MD5...
Moderate | Unreviewed | CVE-2008-3188 was published May 1, 2022

SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to...
Moderate | Unreviewed | CVE-2005-4900 was published May 1, 2022

WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which makes it easier for...
Moderate | Unreviewed | CVE-2005-2281 was published May 1, 2022

The integrity check feature in OpenPGP, when handling a message that was encrypted using cipher...
Moderate | Unreviewed | CVE-2005-0366 was published May 1, 2022

Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt the screen-locking password...
Low | Unreviewed | CVE-2002-1975 was published Apr 30, 2022

Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software 1.2.000, when the "Save Password"...
Low | Unreviewed | CVE-2002-1946 was published Apr 30, 2022

Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak encryption for passwords ...
Moderate | Unreviewed | CVE-2002-1910 was published Apr 30, 2022

Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password...
Moderate | Unreviewed | CVE-2002-1872 was published Apr 30, 2022

Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption algorithm to store user...
Low | Unreviewed | CVE-2002-1739 was published Apr 30, 2022

Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak encryption algorithm that...
Moderate | Unreviewed | CVE-2002-1697 was published Apr 30, 2022

NewsReactor 1.0 uses a weak encryption scheme, which could allow local users to decrypt the...
Low | Unreviewed | CVE-2002-1682 was published Apr 30, 2022

Pathways Homecare 6.5 uses weak encryption for user names and passwords, which allows local users...
Moderate | Unreviewed | CVE-2001-1546 was published Apr 30, 2022

EarlyImpact ProductCart uses a weak encryption scheme to encrypt passwords, which allows remote...
Moderate | Unreviewed | CVE-2004-2172 was published Apr 29, 2022

A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak...
High | Unreviewed | CVE-2012-2130 was published Apr 23, 2022

The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always...
Critical | Unreviewed | CVE-2011-4121 was published Apr 22, 2022

TYPO3 is vulnerable to insecure randomness during hash generation in forgot password function
Moderate | CVE-2010-3670 was published for typo3/cms-frontend (Composer) Apr 21, 2022

Hills ComNav version 3002-19 suffers from a weak communication channel. Traffic across the local...
Moderate | Unreviewed | CVE-2022-1318 was published Apr 21, 2022

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco...
High | Unreviewed | CVE-2022-20677 was published Apr 16, 2022

Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository gnuboard...
High | Unreviewed | CVE-2022-1252 was published Apr 12, 2022

The Download Manager WordPress plugin before 3.2.39 uses the uniqid php function to generate the...
High | Unreviewed | CVE-2022-0828 was published Apr 12, 2022

An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker who...
High | Unreviewed | CVE-2021-45104 was published Apr 7, 2022

An attacker could decipher the encryption and gain access to MDT AutoSave versions prior to v6.02...
High | Unreviewed | CVE-2021-32945 was published Apr 3, 2022

Discoverability of user password hash in Statamic CMS
Low | CVE-2022-24784 was published for statamic/cms (Composer) Mar 29, 2022

A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions < V5.6.0), RUGGEDCOM ROS...
Moderate | Unreviewed | CVE-2021-37209 was published Mar 9, 2022