GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,270
Erlang
31
GitHub Actions
21
Go
2,044
Maven
5,000+
npm
3,736
NuGet
663
pip
3,414
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
458 advisories
Filter by severity
CBC padding oracle issue in AWS S3 Crypto SDK for golang
Moderate
CVE-2020-8911
was published
for
github.com/aws/aws-sdk-go
(Go)
Feb 11, 2022
Use of a Broken or Risky Cryptographic Algorithm in PostgreSQL
High
Unreviewed
CVE-2020-25694
was published
Feb 15, 2022
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C...
Moderate
Unreviewed
CVE-2022-21800
was published
Feb 19, 2022
An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol...
Moderate
Unreviewed
CVE-2021-45081
was published
Feb 21, 2022
An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method...
High
Unreviewed
CVE-2020-36516
was published
Feb 27, 2022
Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar...
Moderate
Unreviewed
CVE-2022-0377
was published
Mar 1, 2022
A risky-algorithm issue was discovered on Fujifilm DocuCentre-VI C4471 1.8 devices. An attacker...
Moderate
Unreviewed
CVE-2021-43774
was published
Mar 4, 2022
"TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure...
High
Unreviewed
CVE-2021-27756
was published
Mar 5, 2022
golang.org/x/crypto/ssh Denial of service via crafted Signer
High
CVE-2022-27191
was published
for
golang.org/x/crypto
(Go)
Mar 19, 2022
IBM UrbanCode Deploy (UCD) 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic...
High
Unreviewed
CVE-2022-22327
was published
Apr 2, 2022
The use of a broken or risky cryptographic algorithm in Philips Vue PACS versions 12.2.x.x and...
High
Unreviewed
CVE-2021-33018
was published
Apr 3, 2022
A use of a broken or risky cryptographic algorithm vulnerability [CWE-327] in the Dynamic Tunnel...
Moderate
Unreviewed
CVE-2021-32593
was published
Apr 7, 2022
Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptographic algorithms. A remote...
Critical
Unreviewed
CVE-2022-26854
was published
Apr 9, 2022
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository gnuboard...
High
Unreviewed
CVE-2022-1252
was published
Apr 12, 2022
Dell PowerScale OneFS, version 9.3.0, contains a use of a broken or risky cryptographic algorithm...
High
Unreviewed
CVE-2022-22559
was published
Apr 13, 2022
IBM Security Guardium 10.5 and 11.3 uses weaker than expected cryptographic algorithms that could...
High
Unreviewed
CVE-2021-39076
was published
Apr 20, 2022
The Bulletproofs 2017/1066 paper mishandles Fiat-Shamir generation because the hash computation...
High
Unreviewed
CVE-2022-29566
was published
Apr 22, 2022
A vulnerability in the automatic decryption process in Cisco Umbrella Secure Web Gateway (SWG)...
Moderate
Unreviewed
CVE-2022-20805
was published
Apr 22, 2022
Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J
Moderate
CVE-2011-2487
was published
for
org.apache.ws.security:wss4j
(Maven)
Apr 22, 2022
Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords.
High
Unreviewed
CVE-2012-5623
was published
Apr 23, 2022
IBM UrbanCode Deploy (UCD) 7.1.1.2 uses weaker than expected cryptographic algorithms that could...
High
Unreviewed
CVE-2021-39082
was published
Apr 30, 2022
Information from SSL-encrypted sessions via PKCS #1.
Moderate
Unreviewed
CVE-1999-0007
was published
Apr 30, 2022
TeeKai Tracking Online 1.0 uses weak encryption of web usage statistics in data/userlog/log.txt,...
Moderate
Unreviewed
CVE-2002-2058
was published
Apr 30, 2022
The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead...
Moderate
Unreviewed
CVE-2005-2946
was published
May 1, 2022
Spectrum Cash Receipting System before 6.504 uses weak cryptography (static substitution) in the...
Moderate
Unreviewed
CVE-2005-4860
was published
May 1, 2022
ProTip!
Advisories are also available from the
GraphQL API