GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,270
Erlang
31
GitHub Actions
21
Go
2,044
Maven
5,000+
npm
3,736
NuGet
663
pip
3,414
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
184 advisories
Filter by severity
A use of a broken or risky cryptographic algorithm vulnerability [CWE-327] in the Dynamic Tunnel...
Moderate
Unreviewed
CVE-2021-32593
was published
Apr 7, 2022
In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information...
Moderate
Unreviewed
CVE-2021-45486
was published
Dec 26, 2021
An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that...
Moderate
Unreviewed
CVE-2020-10932
was published
May 24, 2022
A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak...
Moderate
Unreviewed
CVE-2022-34757
was published
Jul 14, 2022
The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29...
Moderate
Unreviewed
CVE-2022-29965
was published
Jul 27, 2022
Affected devices use a weak encryption scheme to encrypt the debug zip file. This could allow an...
Moderate
Unreviewed
CVE-2022-46140
was published
Dec 13, 2022
SimpleXMQ before 3.4.0, as used in SimpleX Chat before 4.2, does not apply a key derivation...
Moderate
Unreviewed
CVE-2022-45195
was published
Nov 13, 2022
Due to the use of an insecure algorithm for rolling codes in MCK Smartlock 1.0, allows attackers...
Moderate
Unreviewed
CVE-2022-30111
was published
May 19, 2022
STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the...
Moderate
Unreviewed
CVE-2019-16863
was published
May 24, 2022
MatrixSSL 4.2.1 and earlier contains a timing side channel in ECDSA signature generation. This...
Moderate
Unreviewed
CVE-2019-13629
was published
May 24, 2022
There is a weak algorithm vulnerability in some Huawei products. The affected products use weak...
Moderate
Unreviewed
CVE-2019-19397
was published
May 24, 2022
In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing...
Moderate
Unreviewed
CVE-2022-20513
was published
Dec 20, 2022
A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR...
Moderate
Unreviewed
CVE-2019-19299
was published
May 24, 2022
openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a94152378611e API key rather than...
Moderate
Unreviewed
CVE-2020-10788
was published
May 24, 2022
GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is...
Moderate
Unreviewed
CVE-2020-11501
was published
May 24, 2022
VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow weak hashing algorithm and...
Moderate
Unreviewed
CVE-2020-10601
was published
May 24, 2022
wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing...
Moderate
Unreviewed
CVE-2020-11713
was published
May 24, 2022
An issue was discovered in Open Source Social Network (OSSN) through 5.3. A user-controlled file...
Moderate
Unreviewed
CVE-2020-10560
was published
May 24, 2022
A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC (All...
Moderate
Unreviewed
CVE-2019-10929
was published
May 24, 2022
A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy T300 ...
Moderate
Unreviewed
CVE-2020-7511
was published
May 24, 2022
During RSA key generation, bignum implementations used a variation of the Binary Extended...
Moderate
Unreviewed
CVE-2020-12402
was published
May 24, 2022
In mainwindow.cpp in Shotcut before 20.09.13, the upgrade check misuses TLS because of...
Moderate
Unreviewed
CVE-2020-24619
was published
May 24, 2022
Untangle Firewall NG before 16.0 uses MD5 for passwords.
Moderate
Unreviewed
CVE-2020-17494
was published
May 24, 2022
Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications...
Moderate
Unreviewed
CVE-2020-20950
was published
May 24, 2022
IBM Cloud Pak for Security 1.3.0.1 (CP4S) uses weaker than expected cryptographic algorithms...
Moderate
Unreviewed
CVE-2020-4624
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API