Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

84 advisories

Loading
Incorrect MAC key used in the RC4-MD5 ciphersuite Moderate
CVE-2022-1434 was published for openssl-src (Rust) May 4, 2022
pinkforest
Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J Moderate
CVE-2011-2487 was published for org.apache.ws.security:wss4j (Maven) Apr 22, 2022
golang.org/x/crypto/ssh Denial of service via crafted Signer High
CVE-2022-27191 was published for golang.org/x/crypto (Go) Mar 19, 2022
westonsteimel
CBC padding oracle issue in AWS S3 Crypto SDK for golang Moderate
CVE-2020-8911 was published for github.com/aws/aws-sdk-go (Go) Feb 11, 2022
sophieschmieg
In-band key negotiation issue in AWS S3 Crypto SDK for golang Low
CVE-2020-8912 was published for github.com/aws/aws-sdk-go (Go) Feb 11, 2022
sophieschmieg
Command Injection in Apache James Moderate
CVE-2021-38542 was published for org.apache.james:james-server (Maven) Jan 8, 2022
Use of a Broken or Risky Cryptographic Algorithm in Max Mazurov Maddy High
CVE-2021-42583 was published for github.com/foxcpp/maddy (Go) Jan 6, 2022
Incorrect hash in sha2 Critical
CVE-2021-45696 was published for sha2 (Rust) Jan 6, 2022
Inadequate Encryption Strength in Apache NiFi High
CVE-2020-9491 was published for org.apache.nifi:nifi (Maven) Jan 6, 2022
Laravel Framework XSS in Blade templating engine Moderate
CVE-2021-43808 was published for illuminate/view (Composer) Dec 8, 2021
chinpei215
Use of Sha-1 in tusdotnet Low
CVE-2021-44150 was published for tusdotnet (NuGet) Nov 29, 2021 withdrawn
Broken encryption in EdgeX Foundry Moderate
CVE-2021-41278 was published for github.com/edgexfoundry/app-functions-sdk-go (Go) Nov 19, 2021
bnevis-i
Rails Multisite secure/signed cookies share secrets between sites in a multi-site application Moderate
CVE-2021-41263 was published for rails_multisite (RubyGems) Nov 15, 2021
Improper hashing in enrocrypt High
CVE-2021-39182 was published for enrocrypt (pip) Nov 10, 2021
Security issues in AWS KMS and AWS Encryption SDKs: in-band protocol negotiation and robustness High
CVE-2020-8897 was published for aws-encryption-sdk (Maven) Oct 12, 2021
thaidn
matrix-js-sdk can be tricked into disclosing E2EE room keys to a participating homeserver Moderate
CVE-2021-40823 was published for matrix-js-sdk (npm) Sep 14, 2021
dkasak
Use of a Broken or Risky Cryptographic Algorithm Low
CVE-2021-27913 was published for mautic/core (Composer) Sep 1, 2021
michaellrowley mohit-rocks
tdunlap607
Incorrect implementation of the Streebog hash functions in streebog High
CVE-2019-25006 was published for streebog (Rust) Aug 25, 2021
Algorithms compute incorrect results in blake2 Critical
CVE-2019-16143 was published for blake2 (Rust) Aug 25, 2021
Use of a Broken or Risky Cryptographic Algorithm in Terraform High
CVE-2019-19316 was published for github.com/hashicorp/terraform (Go) May 18, 2021
Timing attacks in python-rsa High
CVE-2020-25658 was published for rsa (pip) Apr 30, 2021
Python-RSA decryption of ciphertext leads to DoS High
CVE-2020-13757 was published for rsa (pip) Mar 24, 2021
Elliptic Uses a Broken or Risky Cryptographic Algorithm Moderate
CVE-2020-28498 was published for elliptic (npm) Mar 8, 2021
Ciphertext Malleability Issue in Tink Java Moderate
CVE-2020-8929 was published for com.google.crypto.tink:tink (Maven) Oct 16, 2020
reteptilian
Insecure Cryptography Algorithm in parsel Critical
GHSA-wqgx-4q47-j2w5 was published for parsel (npm) Sep 4, 2020
ProTip! Advisories are also available from the GraphQL API