GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,270
Erlang
31
GitHub Actions
21
Go
2,044
Maven
5,000+
npm
3,736
NuGet
663
pip
3,414
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
17 advisories
Filter by severity
sigstore has insufficient validation of integration timestamp during verification
Low
CVE-2024-55655
was published
for
sigstore
(pip)
Dec 11, 2024
Bit flip attack vulnerability in cookie-encrypter
High
CVE-2024-53441
was published
for
cookie-encrypter
(npm)
Dec 9, 2024
A vulnerability in pairing process of Cisco TelePresence CE Software and RoomOS Software for...
Moderate
Unreviewed
CVE-2022-20793
was published
Nov 15, 2024
Windows Kerberos Information Disclosure Vulnerability
Moderate
Unreviewed
CVE-2024-43547
was published
Oct 8, 2024
Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to...
Moderate
Unreviewed
CVE-2023-39199
was published
Nov 15, 2023
xkeys seal encryption used fixed key for all encryption
High
CVE-2023-46129
was published
for
github.com/nats-io/nats-server/v2
(Go)
Oct 31, 2023
AMI SPx contains a vulnerability in the BMC where a user may cause a missing cryptographic step...
High
Unreviewed
CVE-2023-34471
was published
Jul 5, 2023
Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure...
Moderate
Unreviewed
CVE-2022-30115
was published
Jun 3, 2022
Missing Cryptographic Step in cassproject
Moderate
CVE-2022-29229
was published
for
cassproject
(npm)
May 25, 2022
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking...
High
Unreviewed
CVE-2021-22946
was published
May 24, 2022
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Improper Verification of...
Moderate
Unreviewed
CVE-2019-3738
was published
May 24, 2022
Missing Cryptographic Step in OWASP Enterprise Security API for Java
Low
CVE-2013-5679
was published
for
org.owasp.esapi:esapi
(Maven)
May 17, 2022
Missing Cryptographic Step in OWASP Enterprise Security API for Java
Moderate
CVE-2013-5960
was published
for
org.owasp.esapi:esapi
(Maven)
May 14, 2022
A vulnerability in the encryption implementation of EBICS messages in the open source librairy...
High
Unreviewed
CVE-2022-1279
was published
Apr 15, 2022
Multiple cryptographic issues in Python oic
High
CVE-2020-26244
was published
for
oic
(pip)
Dec 4, 2020
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS
High
CVE-2020-15098
was published
for
typo3/cms
(Composer)
Jul 29, 2020
Potential Remote Code Execution in TYPO3 with mediace extension
Critical
CVE-2020-15086
was published
for
friendsoftypo3/mediace
(Composer)
Jul 29, 2020
ProTip!
Advisories are also available from the
GraphQL API