GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
358 advisories
Saia Burgess Controls (SBC) PCD through 2022-05-06 uses a Broken or Risky Cryptographic Algorithm...
Moderate | Unreviewed | CVE-2022-30320 was published Jul 29, 2022

Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware...
Moderate | Unreviewed | CVE-2023-51392 was published Feb 23, 2024

IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than...
Moderate | Unreviewed | CVE-2023-50312 was published Mar 1, 2024

Dell Secure Connect Gateway, 5.18, contains an Inadequate Encryption Strength Vulnerability. An...
Low | Unreviewed | CVE-2024-22458 was published Mar 1, 2024

IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3...
Moderate | Unreviewed | CVE-2024-27255 was published Mar 3, 2024

Dell PowerScale OneFS 8.2.x through 9.6.0.x contains a use of a broken or risky cryptographic...
High | Unreviewed | CVE-2024-22463 was published Mar 4, 2024

HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cryptographic Algorithm.
High | Unreviewed | CVE-2022-37177 was published Aug 30, 2022

Dell PowerScale OneFS, versions 8.2.2.x through 9.5.0.x contains a use of a broken cryptographic...
Moderate | Unreviewed | CVE-2024-25963 was published Mar 28, 2024

** DISPUTED ** An issue was discovered in SMA Solar Technology products. The inverters make use...
Critical | Unreviewed | CVE-2017-9859 was published May 13, 2022

airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash of 0123425234234fsdfsdr3242...
Moderate | Unreviewed | CVE-2020-11876 was published May 24, 2022

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for...
Moderate | Unreviewed | CVE-2023-50313 was published Apr 2, 2024

Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords.
High | Unreviewed | CVE-2012-5623 was published Apr 23, 2022

The KRandom::random function in KDE Paste Applet after 4.10.5 in kdeplasma-addons uses the GNU C...
Moderate | Unreviewed | CVE-2013-2213 was published May 5, 2022

HAProxy before 1.9.7 mishandles a reload with rotated keys, which triggers use of uninitialized,...
Moderate | Unreviewed | CVE-2019-11323 was published May 24, 2022

Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor...
Moderate | Unreviewed | CVE-2019-9836 was published May 24, 2022

There is a short key vulnerability in HID Global DigitalPersona (formerly Crossmatch) U.are.U...
Moderate | Unreviewed | CVE-2019-13604 was published May 24, 2022

The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses...
Moderate | Unreviewed | CVE-2018-18371 was published May 24, 2022

An issue was discovered in Total.js CMS 12.0.0. A low privilege user can perform a simple...
Moderate | Unreviewed | CVE-2019-15955 was published May 24, 2022

In situations where an attacker receives automated notification of the success or failure of a...
Moderate | Unreviewed | CVE-2019-1563 was published May 24, 2022

EnterpriseDT CompleteFTP Server prior to version 12.1.3 is vulnerable to information exposure in...
Moderate | Unreviewed | CVE-2019-16116 was published May 24, 2022

"managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used...
Moderate | Unreviewed | CVE-2018-5745 was published May 24, 2022

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 uses weaker than expected...
High | Unreviewed | CVE-2019-4399 was published May 24, 2022

The Wireless Emergency Alerts (WEA) protocol allows remote attackers to spoof a Presidential...
Moderate | Unreviewed | CVE-2019-18659 was published May 24, 2022

wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, leading to fault injection in...
High | Unreviewed | CVE-2019-19962 was published May 24, 2022

The HTTP Authentication library before 2019-12-27 for Nim has weak password hashing because the...
High | Unreviewed | CVE-2019-20138 was published May 24, 2022