Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

30 advisories

Loading
Unauthenticated crypto and weak IV in Magento\Framework\Encryption High
CVE-2016-6485 was published for magento/community-edition (Composer) Nov 20, 2019
LTI 1.3 Tool Library's Nonce Claim Value not validated against nonce value sent in Authentication Request before v5.0 High
CVE-2022-31158 was published for packbackbooks/lti-1-3-php-library (Composer) Jul 15, 2022
Bouncy Castle has a flaw in the Low-level interface to RSA key pair generator High
CVE-2018-1000180 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 16, 2018
Inadequate Encryption Strength in Apache NiFi High
CVE-2020-9491 was published for org.apache.nifi:nifi (Maven) Jan 6, 2022
Use of a Broken or Risky Cryptographic Algorithm in Max Mazurov Maddy High
CVE-2021-42583 was published for github.com/foxcpp/maddy (Go) Jan 6, 2022
PHP JOSE Library by Gree Inc. Uses a Broken or Risky Cryptographic Algorithm High
CVE-2016-5431 was published for gree/jose (Composer) May 24, 2022
Reversible One-Way Hash in io.github.javaezlib:JavaEZ High
CVE-2022-29249 was published for io.github.javaezlib:JavaEZ (Maven) May 25, 2022
LTI 1.3 Tool Library's function used to generate random nonces not sufficiently cryptographically complex before v5.0 High
CVE-2022-31157 was published for packbackbooks/lti-1-3-php-library (Composer) Jul 15, 2022
golang.org/x/crypto/ssh Denial of service via crafted Signer High
CVE-2022-27191 was published for golang.org/x/crypto (Go) Mar 19, 2022
westonsteimel
Incorrect implementation of the Streebog hash functions in streebog High
CVE-2019-25006 was published for streebog (Rust) Aug 25, 2021
jose4j uses weak cryptographic algorithm High
CVE-2023-31582 was published for org.bitbucket.b_c:jose4j (Maven) Oct 25, 2023
free5GC udm vulnerable to Invalid Curve Attack High
CVE-2023-46324 was published for github.com/free5gc/udm (Go) Oct 23, 2023
Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J High
CVE-2015-0226 was published for org.apache.ws.security:wss4j (Maven) May 14, 2022
r3kumar
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS High
CVE-2020-15098 was published for typo3/cms (Composer) Jul 29, 2020
ohader
Magento 2 Community Edition Cryptographic Flaw High
CVE-2019-7858 was published for magento/community-edition (Composer) May 24, 2022
Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm. High
CVE-2023-51838 was published for meshcentral (npm) Feb 2, 2024
jsonwebtoken unrestricted key type could lead to legacy keys usage High
CVE-2022-23539 was published for jsonwebtoken (npm) Dec 22, 2022
AES OCB fails to encrypt some bytes High
CVE-2022-2097 was published for openssl-src (Rust) Jul 6, 2022
another-rex
Beego privilege escalation vulnerability High
CVE-2024-40465 was published for github.com/beego/beego/v2 (Go) Jul 31, 2024
Authlib has algorithm confusion with asymmetric public keys High
CVE-2024-37568 was published for authlib (pip) Jun 9, 2024
Security issues in AWS KMS and AWS Encryption SDKs: in-band protocol negotiation and robustness High
CVE-2020-8897 was published for aws-encryption-sdk (Maven) Oct 12, 2021
thaidn
Use of a Broken or Risky Cryptographic Algorithm in Terraform High
CVE-2019-19316 was published for github.com/hashicorp/terraform (Go) May 18, 2021
Improper hashing in enrocrypt High
CVE-2021-39182 was published for enrocrypt (pip) Nov 10, 2021
Elixir can leak information due to weak use of crypto High
CVE-2012-2146 was published for Elixir (pip) May 17, 2022
Key confusion through non-blocklisted public key formats High
CVE-2022-29217 was published for pyjwt (pip) May 24, 2022
aapooksman
ProTip! Advisories are also available from the GraphQL API