GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,270
Erlang
31
GitHub Actions
21
Go
2,045
Maven
5,000+
npm
3,737
NuGet
663
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
26 advisories
Filter by severity
mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, which may allow an attacker...
High
Unreviewed
CVE-2021-43989
was published
Dec 24, 2021
Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions...
High
Unreviewed
CVE-2022-25156
was published
Apr 3, 2022
A use of a one-way hash with a predictable salt vulnerability [CWE-760] in FortiWAN before 4.5.9...
High
Unreviewed
CVE-2021-26113
was published
Apr 7, 2022
Knox Arkeia server 4.2, and possibly other versions, uses a constant salt when encrypting...
High
Unreviewed
CVE-2001-0967
was published
Apr 30, 2022
CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of the user name for the...
High
Unreviewed
CVE-2005-0408
was published
May 1, 2022
Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing...
High
Unreviewed
CVE-2019-0030
was published
May 13, 2022
Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with...
High
Unreviewed
CVE-2019-3907
was published
May 13, 2022
global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations...
High
Unreviewed
CVE-2019-7649
was published
May 13, 2022
The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and...
High
Unreviewed
CVE-2018-1447
was published
May 13, 2022
Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%...
High
Unreviewed
CVE-2018-9233
was published
May 13, 2022
The affected Bachmann Electronic M-Base Controllers of version MSYS v1.06.14 and later use weak...
High
Unreviewed
CVE-2020-16231
was published
May 20, 2022
Fluxbb 1.5.11 is affected by a denial of service (DoS) vulnerability by sending an extremely long...
High
Unreviewed
CVE-2020-28873
was published
May 24, 2022
An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A...
High
Unreviewed
CVE-2019-20466
was published
May 24, 2022
An issue was discovered on Enphase Envoy R3.x and D4.x devices. There is a custom PAM module for...
High
Unreviewed
CVE-2020-25754
was published
May 24, 2022
A CWE-759: Use of a One-Way Hash without a Salt vulnerability exists in EVlink City (EVC1S22P4 /...
High
Unreviewed
CVE-2021-22774
was published
May 24, 2022
A use of one-way hash with a predictable salt vulnerability in the password storing mechanism of...
High
Unreviewed
CVE-2021-32596
was published
May 24, 2022
The user and password data base is exposed by an unprotected web server resource. Passwords are...
High
Unreviewed
CVE-2021-23855
was published
May 24, 2022
The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, Part No. 3060/00 versions 6...
High
Unreviewed
CVE-2021-32997
was published
May 26, 2022
In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can...
High
Unreviewed
CVE-2022-47732
was published
Jan 20, 2023
A use of password hash with insufficient computational effort vulnerability [CWE-916] in...
High
Unreviewed
CVE-2022-26115
was published
Feb 16, 2023
RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows...
High
Unreviewed
CVE-2023-33243
was published
Jun 15, 2023
The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashs. If an...
High
Unreviewed
CVE-2023-31412
was published
Aug 24, 2023
Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers...
High
Unreviewed
CVE-2023-5846
was published
Nov 2, 2023
The Priva TopControl Suite contains predictable credentials for the SSH service, based on the...
High
Unreviewed
CVE-2022-3010
was published
Jan 2, 2024
A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the...
High
Unreviewed
CVE-2024-3183
was published
Jun 12, 2024
ProTip!
Advisories are also available from the
GraphQL API