Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

22 advisories

Loading
OpenSSL gem for Ruby using inadequate encryption strength High
CVE-2016-7798 was published for openssl (RubyGems) Oct 24, 2017
Pycrypto generates weak key parameters High
CVE-2018-6594 was published for pycrypto (pip) Jul 12, 2018
In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode High
CVE-2016-1000352 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
Inadequate Encryption Strength in DotNetNuke High
CVE-2018-18325 was published for DotNetNuke.Core (NuGet) Jul 5, 2019
Inadequate Encryption Strength in DotNetNuke High
CVE-2018-15811 was published for DotNetNuke.Core (NuGet) Jul 5, 2019
RSA weakness in tslite-ng High
CVE-2020-26263 was published for tlslite-ng (pip) Dec 21, 2020
tomato42
Improper hashing in enrocrypt High
CVE-2021-39182 was published for enrocrypt (pip) Nov 10, 2021
Use of Hard-coded Credentials in Apache Kylin High
CVE-2021-45458 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
Weak Cryptography in PHP-Proxy High
CVE-2018-19784 was published for athlon1600/php-proxy (Composer) May 13, 2022
Python Keyring does not securely initialize encryption cipher High
CVE-2012-4571 was published for keyring (pip) May 17, 2022
Play Framework Inadequate Encryption Strength vulnerability High
CVE-2019-17598 was published for com.typesafe.play:play-ws_2.12 (Maven) May 24, 2022
Reversible One-Way Hash in io.github.javaezlib:JavaEZ High
CVE-2022-29249 was published for io.github.javaezlib:JavaEZ (Maven) May 25, 2022
AES OCB fails to encrypt some bytes High
CVE-2022-2097 was published for openssl-src (Rust) Jul 6, 2022
another-rex
Blink1Control2 uses weak password encryption High
CVE-2022-35513 was published for Blink1Control2 (npm) Sep 8, 2022
Whole-script approval in Jenkins Script Security Plugin vulnerable to SHA-1 collisions High
CVE-2022-45379 was published for org.jenkins-ci.plugins:script-security (Maven) Nov 16, 2022
NotMyFault
esptool allows attackers to view sensitive information via weak cryptographic algorithm High
CVE-2023-46894 was published for esptool (pip) Nov 9, 2023
upydev has weak encryption padding High
CVE-2023-48051 was published for upydev (pip) Nov 21, 2023
Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers High
CVE-2024-23656 was published for github.com/dexidp/dex (Go) Jan 26, 2024
tuminoid
Cilium has insecure IPsec transport encryption High
CVE-2024-28860 was published for github.com/cilium/cilium (Go) Mar 28, 2024
pchaigno NikAleksandrov
iokill marshrayms
Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability High
CVE-2024-39928 was published for org.apache.linkis:linkis-engineplugin-spark (Maven) Sep 25, 2024
oscerd
Portainer improperly uses an encryption algorithm in the AesEncrypt function High
CVE-2024-33662 was published for github.com/portainer/portainer (Go) Oct 2, 2024
ProTip! Advisories are also available from the GraphQL API