Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,270
Erlang
31
GitHub Actions
21
Go
2,044
Maven
5,000+
npm
3,736
NuGet
663
pip
3,414
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+

214 advisories

Loading
matrix-js-sdk can be tricked into disclosing E2EE room keys to a participating homeserver Moderate
CVE-2021-40823 was published for matrix-js-sdk (npm) Sep 14, 2021
dkasak
IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 could provide weaker than... Moderate Unreviewed
CVE-2022-22310 was published Jan 20, 2022
Meow hash 0.5/calico does not sufficiently thwart key recovery by an attacker who can query... Moderate Unreviewed
CVE-2021-37606 was published May 24, 2022
In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible. Moderate Unreviewed
CVE-2021-25761 was published May 24, 2022
WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An... Moderate Unreviewed
CVE-2022-29835 was published Sep 20, 2022
A vulnerability in the automatic decryption process in Cisco Umbrella Secure Web Gateway (SWG)... Moderate Unreviewed
CVE-2022-20805 was published Apr 22, 2022
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C... Moderate Unreviewed
CVE-2022-21800 was published Feb 19, 2022
Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar... Moderate Unreviewed
CVE-2022-0377 was published Mar 1, 2022
Use of a Broken or Risky Cryptographic Algorithm in XWiki Crypto API Moderate
CVE-2022-29161 was published for org.xwiki.platform:xwiki-platform-crypto (Maven) May 24, 2022
IBM Security Verify Information Queue 1.0.6 and 1.0.7 uses weaker than expected cryptographic... Moderate Unreviewed
CVE-2021-20406 was published May 24, 2022
Rails Multisite secure/signed cookies share secrets between sites in a multi-site application Moderate
CVE-2021-41263 was published for rails_multisite (RubyGems) Nov 15, 2021
Chosen Ciphertext Attack in Jose4j Moderate
GHSA-jgvc-jfgh-rjvv was published for org.bitbucket.b_c:jose4j (Maven) Apr 27, 2023
Insecure Cryptography Algorithm in simple-crypto-js Moderate
GHSA-5v7r-jg9r-vq44 was published for simple-crypto-js (npm) Sep 3, 2020
tdunlap607
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired... Moderate Unreviewed
CVE-2020-24588 was published May 24, 2022
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired... Moderate Unreviewed
CVE-2020-24587 was published May 24, 2022
Dell Secure Connect Gateway (SCG) version 5.14.00.12 contains a broken cryptographic algorithm... Moderate Unreviewed
CVE-2023-23695 was published Feb 17, 2023
Dell EMC Unity versions before 5.2.0.0.5.173 , use(es) broken cryptographic algorithm. A remote... Moderate Unreviewed
CVE-2022-22564 was published Feb 14, 2023
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of... Moderate Unreviewed
CVE-2020-13777 was published May 24, 2022
During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time... Moderate Unreviewed
CVE-2020-12401 was published May 24, 2022
IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker... Moderate Unreviewed
CVE-2022-35720 was published Feb 8, 2023
SIF's Digital Signature Hash Algorithms Not Validated Moderate
CVE-2022-39237 was published for github.com/sylabs/sif/v2 (Go) Oct 6, 2022
tri-adam
Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J Moderate
CVE-2011-2487 was published for org.apache.ws.security:wss4j (Maven) Apr 22, 2022
All versions of Econolite EOS traffic control software are vulnerable to CWE-328: Use of Weak... Moderate Unreviewed
CVE-2023-0452 was published Jan 26, 2023
Incorrect MAC key used in the RC4-MD5 ciphersuite Moderate
CVE-2022-1434 was published for openssl-src (Rust) May 4, 2022
pinkforest
It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen... Moderate Unreviewed
CVE-2018-10844 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database