GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
172 advisories
RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J versions prior to 6.2.4 contain a...
Moderate | Unreviewed | CVE-2018-11070 was published May 13, 2022
RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during RSA...
Moderate | Unreviewed | CVE-2018-11069 was published May 13, 2022
Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an...
Moderate | Unreviewed | CVE-2019-5754 was published May 13, 2022
On BIG-IP 11.5.1-11.5.4, 11.6.1, and 12.1.0, a virtual server configured with a Client SSL...
Moderate | Unreviewed | CVE-2019-6593 was published May 13, 2022
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side...
Moderate | Unreviewed | CVE-2018-0737 was published May 13, 2022
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state...
Moderate | Unreviewed | CVE-2015-2808 was published May 13, 2022
It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen...
Moderate | Unreviewed | CVE-2018-10845 was published May 13, 2022
A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM...
Moderate | Unreviewed | CVE-2018-10846 was published May 13, 2022
It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen...
Moderate | Unreviewed | CVE-2018-10844 was published May 13, 2022
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel...
Moderate | Unreviewed | CVE-2018-0735 was published May 13, 2022
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel...
Moderate | Unreviewed | CVE-2018-0734 was published May 13, 2022
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected...
Moderate | Unreviewed | CVE-2018-1996 was published May 13, 2022
In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the ISAKMP dissector could crash. This was...
Moderate | Unreviewed | CVE-2019-5719 was published May 13, 2022
Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14...
Moderate | Unreviewed | CVE-2019-6485 was published May 13, 2022
IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) uses weaker than...
Moderate | Unreviewed | CVE-2018-1428 was published May 13, 2022
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 uses...
Moderate | Unreviewed | CVE-2017-1571 was published May 13, 2022
IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) uses...
Moderate | Unreviewed | CVE-2017-1575 was published May 13, 2022
Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol for industrial automation...
Moderate | Unreviewed | CVE-2017-16718 was published May 13, 2022
A Padding Oracle exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and...
Moderate | Unreviewed | CVE-2017-10668 was published May 13, 2022
IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption...
Moderate | Unreviewed | CVE-2017-1339 was published May 13, 2022
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67...
Moderate | Unreviewed | CVE-2017-17382 was published May 13, 2022
OceanStor 5800 V3 with software V300R002C00 and V300R002C10, OceanStor 6900 V3 V300R001C00 has an...
Moderate | Unreviewed | CVE-2017-8157 was published May 13, 2022
Usage of SSLv2 and SSLv3 leads to transmitted data decryption in Kraftway 24F2XG Router firmware...
Moderate | Unreviewed | CVE-2018-15355 was published May 13, 2022
A Pektron Passive Keyless Entry and Start (PKES) system, as used on the Tesla Model S and...
Moderate | Unreviewed | CVE-2018-16806 was published May 13, 2022
WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such...
Moderate | Unreviewed | CVE-2018-5152 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API.