GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,270
Erlang
31
GitHub Actions
21
Go
2,044
Maven
5,000+
npm
3,736
NuGet
663
pip
3,414
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
175 advisories
Filter by severity
The NPort IA5000A Series devices use Telnet as one of the network device management services....
Moderate
Unreviewed
CVE-2020-27184
was published
May 24, 2022
Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2...
Moderate
Unreviewed
CVE-2021-31615
was published
May 24, 2022
In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data.
Moderate
Unreviewed
CVE-2021-37587
was published
May 24, 2022
In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256.
Moderate
Unreviewed
CVE-2021-37551
was published
May 24, 2022
All versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric PLCs and XG5000 PLC programming...
Moderate
Unreviewed
CVE-2022-2758
was published
Sep 1, 2022
In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted...
Moderate
Unreviewed
CVE-2021-37546
was published
May 24, 2022
The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1...
Moderate
Unreviewed
CVE-2021-31798
was published
May 24, 2022
In RIOT-OS 2021.01, nonce reuse in 802.15.4 encryption in the ieee820154_security component...
Moderate
Unreviewed
CVE-2021-41061
was published
May 24, 2022
SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses encryption method...
Moderate
Unreviewed
CVE-2022-41209
was published
Oct 12, 2022
An issue was discovered in certain Apple products. Pages before 6.1, Numbers before 4.1, and...
Moderate
Unreviewed
CVE-2017-2391
was published
May 17, 2022
IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that...
Moderate
Unreviewed
CVE-2017-1179
was published
May 17, 2022
Information Disclosure can occur in sshProfiles.jsd in Hitek Software's Automize because of the...
Moderate
Unreviewed
CVE-2016-10104
was published
May 17, 2022
In Couchbase Server 7.1.x before 7.1.1, an encrypted Private Key passphrase may be leaked in the...
Moderate
Unreviewed
CVE-2022-34826
was published
Jul 16, 2022
IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information,...
Moderate
Unreviewed
CVE-2016-3034
was published
May 17, 2022
An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue...
Moderate
Unreviewed
CVE-2016-4685
was published
May 17, 2022
This vulnerability allows remote attackers to disclose sensitive information on affected...
Moderate
Unreviewed
CVE-2020-10919
was published
May 24, 2022
Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software...
Moderate
Unreviewed
CVE-2015-8086
was published
May 17, 2022
Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software...
Moderate
Unreviewed
CVE-2015-8085
was published
May 17, 2022
DES cipher, which has inadequate encryption strength, is used Hitachi Energy FOXMAN-UN to encrypt...
Moderate
Unreviewed
CVE-2021-40341
was published
Jan 6, 2023
Inadequate encryption may allow the credentials used by Emerson OpenEnterprise, up through...
Moderate
Unreviewed
CVE-2020-16235
was published
May 20, 2022
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses weaker than expected cryptographic...
Moderate
Unreviewed
CVE-2019-4339
was published
May 24, 2022
In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values...
Moderate
Unreviewed
CVE-2019-10638
was published
May 24, 2022
In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Upon a crash, it...
Moderate
Unreviewed
CVE-2019-15947
was published
May 24, 2022
In Enigmail below 2.1, an attacker in possession of PGP encrypted emails can wrap them as sub...
Moderate
Unreviewed
CVE-2019-14664
was published
May 24, 2022
The Infinite Design application 3.4.12 for Android sends a username and password via TCP without...
Moderate
Unreviewed
CVE-2019-17356
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API