GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
28 advisories
Filter by severity
Dell PowerScale OneFS 8.1.0 - 9.1.0 contains an LDAP Provider inability to connect over TLSv1.2...
Critical
Unreviewed
CVE-2020-26197
was published
May 24, 2022
In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic...
Critical
Unreviewed
CVE-2021-27200
was published
May 24, 2022
A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4...
Critical
Unreviewed
CVE-2021-24020
was published
May 24, 2022
PGP/MIME encrypted messages injected into a Vaultive O365 (before 4.5.21) frontend via IMAP or...
Critical
Unreviewed
CVE-2017-7229
was published
May 17, 2022
A Weak Password Requirements issue was discovered in Rockwell Automation Allen-Bradley MicroLogix...
Critical
Unreviewed
CVE-2017-7903
was published
May 17, 2022
On the TP-Link TL-SG108E 1.0, admin network communications are RC4 encoded, even though RC4 is...
Critical
Unreviewed
CVE-2017-8076
was published
May 17, 2022
The component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a...
Critical
Unreviewed
CVE-2021-42949
was published
Sep 17, 2022
Certain General Electric Renewable Energy products have inadequate encryption strength. This...
Critical
Unreviewed
CVE-2022-24116
was published
Dec 26, 2022
AT91bootstrap before 3.9.2 does not properly wipe encryption and authentication keys from memory...
Critical
Unreviewed
CVE-2020-11684
was published
May 24, 2022
Zoho ManageEngine Application Control Plus before 100523 has an insecure SSL configuration...
Critical
Unreviewed
CVE-2020-29658
was published
May 24, 2022
Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX...
Critical
Unreviewed
CVE-2021-21507
was published
May 24, 2022
Hytec Inter HWL-2511-SS v1.05 and below implements a SHA512crypt hash for the root account which...
Critical
Unreviewed
CVE-2022-36555
was published
Aug 30, 2022
Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170...
Critical
Unreviewed
CVE-2016-5804
was published
May 13, 2022
Airsonic 10.2.1 uses Spring's default remember-me mechanism based on MD5, with a fixed key of...
Critical
Unreviewed
CVE-2019-10907
was published
May 13, 2022
A vulnerability in the identity management service of Cisco Digital Network Architecture (DNA)...
Critical
Unreviewed
CVE-2018-0448
was published
May 13, 2022
A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750...
Critical
Unreviewed
CVE-2017-7905
was published
May 13, 2022
Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in...
Critical
Unreviewed
CVE-2017-16726
was published
May 13, 2022
Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum,...
Critical
Unreviewed
CVE-2018-7242
was published
May 14, 2022
Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version ...
Critical
Unreviewed
CVE-2018-15124
was published
May 14, 2022
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to...
Critical
Unreviewed
CVE-2017-14090
was published
May 14, 2022
In all Qualcomm products with Android releases from CAF using the Linux kernel, a rollback...
Critical
Unreviewed
CVE-2014-9975
was published
May 17, 2022
In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure...
Critical
Unreviewed
CVE-2015-0575
was published
May 17, 2022
Certain NETGEAR devices are affected by weak cryptography. This affects D7000v2 before 1.0.0.62,...
Critical
Unreviewed
CVE-2021-45512
was published
Dec 27, 2021
Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by...
Critical
Unreviewed
CVE-2022-45141
was published
Mar 7, 2023
Session data between cluster nodes during cluster synchronization is not properly encrypted in...
Critical
Unreviewed
CVE-2018-20810
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API