GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,270
Erlang
31
GitHub Actions
21
Go
2,044
Maven
5,000+
npm
3,736
NuGet
663
pip
3,414
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
432 advisories
Filter by severity
SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version...
Moderate
Unreviewed
CVE-2022-34385
was published
Feb 11, 2023
Improper cryptographic implementation in Samsung Flow for PC 4.9.14.0 allows adjacent attackers...
High
Unreviewed
CVE-2023-21444
was published
Feb 9, 2023
Improper cryptographic implementation in Samsung Flow for Android prior to version 4.9.04 allows...
High
Unreviewed
CVE-2023-21443
was published
Feb 9, 2023
An unauthorized user with network access and the decryption key could decrypt sensitive data,...
High
Unreviewed
CVE-2022-38469
was published
Jan 18, 2023
DES cipher, which has inadequate encryption strength, is used Hitachi Energy FOXMAN-UN to encrypt...
Moderate
Unreviewed
CVE-2021-40341
was published
Jan 6, 2023
AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field
Moderate
CVE-2022-2582
was published
for
github.com/aws/aws-sdk-go
(Go)
Dec 28, 2022
Certain General Electric Renewable Energy products have inadequate encryption strength. This...
Critical
Unreviewed
CVE-2022-24116
was published
Dec 26, 2022
When viewing an email message A, which contains an attached message B, where B is encrypted or...
Moderate
Unreviewed
CVE-2022-1520
was published
Dec 22, 2022
In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is...
High
Unreviewed
CVE-2022-38659
was published
Dec 19, 2022
In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open...
Low
Unreviewed
CVE-2022-46825
was published
Dec 8, 2022
The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up...
Moderate
Unreviewed
CVE-2022-4036
was published
Nov 29, 2022
Whole-script approval in Jenkins Script Security Plugin vulnerable to SHA-1 collisions
High
CVE-2022-45379
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
Nov 16, 2022
The application was signed using a key length less than or equal to 1024 bits, making it...
High
Unreviewed
CVE-2020-4099
was published
Nov 1, 2022
The Passster WordPress plugin before 3.5.5.5.2 stores the password inside a cookie named ...
Moderate
Unreviewed
CVE-2022-3206
was published
Oct 17, 2022
SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses encryption method...
Moderate
Unreviewed
CVE-2022-41209
was published
Oct 12, 2022
An entity in Network Configuration Manager product is misconfigured and exposing password field...
Moderate
Unreviewed
CVE-2021-35226
was published
Oct 11, 2022
The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse...
Moderate
Unreviewed
CVE-2022-3433
was published
Oct 11, 2022
rdiffweb does not have a rate limit on incorrect password attempts to prevent brute force attacks
High
CVE-2022-3273
was published
for
rdiffweb
(pip)
Oct 6, 2022
In affected versions of Octopus Server it was identified that the same encryption process was...
Moderate
Unreviewed
CVE-2022-2781
was published
Oct 6, 2022
A vulnerability in Trend Micro Apex One and Apex One as a Service could allow an attacker to...
High
Unreviewed
CVE-2022-40141
was published
Sep 20, 2022
WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An...
Moderate
Unreviewed
CVE-2022-29835
was published
Sep 20, 2022
The component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a...
Critical
Unreviewed
CVE-2021-42949
was published
Sep 17, 2022
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a Violation of Secure...
Moderate
Unreviewed
CVE-2022-30683
was published
Sep 17, 2022
Blink1Control2 uses weak password encryption
High
CVE-2022-35513
was published
for
Blink1Control2
(npm)
Sep 8, 2022
The Simple Single Sign On WordPress plugin through 4.1.0 leaks its OAuth client_secret, which...
High
Unreviewed
CVE-2022-2083
was published
Sep 6, 2022
ProTip!
Advisories are also available from the
GraphQL API