GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
30 advisories
Filter by severity
Bouncy Castle has a flaw in the Low-level interface to RSA key pair generator
High
CVE-2018-1000180
was published
for
org.bouncycastle:bcprov-jdk14
(Maven)
Oct 16, 2018
Unauthenticated crypto and weak IV in Magento\Framework\Encryption
High
CVE-2016-6485
was published
for
magento/community-edition
(Composer)
Nov 20, 2019
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS
High
CVE-2020-15098
was published
for
typo3/cms
(Composer)
Jul 29, 2020
Python-RSA decryption of ciphertext leads to DoS
High
CVE-2020-13757
was published
for
rsa
(pip)
Mar 24, 2021
Use of a Broken or Risky Cryptographic Algorithm in Terraform
High
CVE-2019-19316
was published
for
github.com/hashicorp/terraform
(Go)
May 18, 2021
Incorrect implementation of the Streebog hash functions in streebog
High
CVE-2019-25006
was published
for
streebog
(Rust)
Aug 25, 2021
Security issues in AWS KMS and AWS Encryption SDKs: in-band protocol negotiation and robustness
High
CVE-2020-8897
was published
for
aws-encryption-sdk
(Maven)
Oct 12, 2021
Inadequate Encryption Strength in Apache NiFi
High
CVE-2020-9491
was published
for
org.apache.nifi:nifi
(Maven)
Jan 6, 2022
Use of a Broken or Risky Cryptographic Algorithm in Max Mazurov Maddy
High
CVE-2021-42583
was published
for
github.com/foxcpp/maddy
(Go)
Jan 6, 2022
golang.org/x/crypto/ssh Denial of service via crafted Signer
High
CVE-2022-27191
was published
for
golang.org/x/crypto
(Go)
Mar 19, 2022
Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J
High
CVE-2015-0226
was published
for
org.apache.ws.security:wss4j
(Maven)
May 14, 2022
Elixir can leak information due to weak use of crypto
High
CVE-2012-2146
was published
for
Elixir
(pip)
May 17, 2022
Magento 2 Community Edition Cryptographic Flaw
High
CVE-2019-7858
was published
for
magento/community-edition
(Composer)
May 24, 2022
PHP JOSE Library by Gree Inc. Uses a Broken or Risky Cryptographic Algorithm
High
CVE-2016-5431
was published
for
gree/jose
(Composer)
May 24, 2022
Key confusion through non-blocklisted public key formats
High
CVE-2022-29217
was published
for
pyjwt
(pip)
May 24, 2022
Reversible One-Way Hash in io.github.javaezlib:JavaEZ
High
CVE-2022-29249
was published
for
io.github.javaezlib:JavaEZ
(Maven)
May 25, 2022
AES OCB fails to encrypt some bytes
High
CVE-2022-2097
was published
for
openssl-src
(Rust)
Jul 6, 2022
LTI 1.3 Tool Library's function used to generate random nonces not sufficiently cryptographically complex before v5.0
High
CVE-2022-31157
was published
for
packbackbooks/lti-1-3-php-library
(Composer)
Jul 15, 2022
LTI 1.3 Tool Library's Nonce Claim Value not validated against nonce value sent in Authentication Request before v5.0
High
CVE-2022-31158
was published
for
packbackbooks/lti-1-3-php-library
(Composer)
Jul 15, 2022
jsonwebtoken unrestricted key type could lead to legacy keys usage
High
CVE-2022-23539
was published
for
jsonwebtoken
(npm)
Dec 22, 2022
free5GC udm vulnerable to Invalid Curve Attack
High
CVE-2023-46324
was published
for
github.com/free5gc/udm
(Go)
Oct 23, 2023
jose4j uses weak cryptographic algorithm
High
CVE-2023-31582
was published
for
org.bitbucket.b_c:jose4j
(Maven)
Oct 25, 2023
Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm.
High
CVE-2023-51838
was published
for
meshcentral
(npm)
Feb 2, 2024
ProTip!
Advisories are also available from the
GraphQL API