Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

49 advisories

Loading
Moodle uses the same key for QR login and auto-login Moderate
CVE-2024-38277 was published for moodle/moodle (Composer) Jun 18, 2024
Portainer improperly uses an encryption algorithm in the AesEncrypt function High
CVE-2024-33662 was published for github.com/portainer/portainer (Go) Oct 2, 2024
Apache Answer: Predictable Authorization Token Using UUIDv1 Low
CVE-2024-45719 was published for github.com/apache/incubator-answer (Go) Nov 22, 2024
upydev has weak encryption padding High
CVE-2023-48051 was published for upydev (pip) Nov 21, 2023
Apache Tomcat - XSS in generated JSPs Moderate
CVE-2024-52318 was published for org.apache.tomcat:tomcat-jasper (Maven) Nov 18, 2024
Apache Tomcat Request and/or response mix-up Moderate
CVE-2024-52317 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Nov 18, 2024
RSA weakness in tslite-ng High
CVE-2020-26263 was published for tlslite-ng (pip) Dec 21, 2020
tomato42
Snowflake JDBC Security Advisory Moderate
CVE-2024-43382 was published for net.snowflake:snowflake-jdbc (Maven) Oct 30, 2024
Inadequate Encryption Strength in python-keystoneclient Critical
CVE-2013-2166 was published for python-keystoneclient (pip) Oct 12, 2021
Pycrypto generates weak key parameters High
CVE-2018-6594 was published for pycrypto (pip) Jul 12, 2018
Apache Linkis Authentication Bypass vulnerability Critical
CVE-2023-27987 was published for org.apache.linkis:linkis (Maven) Jul 6, 2023
Dozzle uses unsafe hash for passwords Low
CVE-2024-47182 was published for github.com/amir20/dozzle (Go) Oct 9, 2024
mohammed90
Python Keyring does not securely initialize encryption cipher High
CVE-2012-4571 was published for keyring (pip) May 17, 2022
mycli has Inadequate Encryption Strength Moderate
CVE-2023-44690 was published for mycli (pip) Oct 20, 2023
Apache Answer: Avatar URL leaked user email addresses Moderate
CVE-2024-40761 was published for github.com/apache/incubator-answer (Go) Sep 25, 2024
oscerd
Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability High
CVE-2024-39928 was published for org.apache.linkis:linkis-engineplugin-spark (Maven) Sep 25, 2024
oscerd
Improper hashing in enrocrypt High
CVE-2021-39182 was published for enrocrypt (pip) Nov 10, 2021
Beaker Sensitive Information Disclosure vulnerability Moderate
CVE-2012-3458 was published for beaker (pip) May 17, 2022
Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers High
CVE-2024-23656 was published for github.com/dexidp/dex (Go) Jan 26, 2024
tuminoid
AES OCB fails to encrypt some bytes High
CVE-2022-2097 was published for openssl-src (Rust) Jul 6, 2022
another-rex
Weak encryption in Ninja Core Moderate
CVE-2024-36823 was published for org.ninjaframework:ninja-core (Maven) Jun 7, 2024
Cilium has insecure IPsec transport encryption High
CVE-2024-28860 was published for github.com/cilium/cilium (Go) Mar 28, 2024
pchaigno NikAleksandrov
iokill marshrayms
SimpleSAMLphp Incorrect IV generation for encryption Moderate
CVE-2017-12871 was published for simplesamlphp/simplesamlphp (Composer) May 17, 2022
TYPO3 is vulnerable to insecure randomness during hash generation in forgot password function Moderate
CVE-2010-3670 was published for typo3/cms-frontend (Composer) Apr 21, 2022
ProTip! Advisories are also available from the GraphQL API