GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+
73 advisories
Filter by severity
LTI 1.3 Tool Library's Nonce Claim Value not validated against nonce value sent in Authentication Request before v5.0
High
CVE-2022-31158
was published
for
packbackbooks/lti-1-3-php-library
(Composer)
Jul 15, 2022
LTI 1.3 Tool Library's function used to generate random nonces not sufficiently cryptographically complex before v5.0
High
CVE-2022-31157
was published
for
packbackbooks/lti-1-3-php-library
(Composer)
Jul 15, 2022
AES OCB fails to encrypt some bytes
High
CVE-2022-2097
was published
for
openssl-src
(Rust)
Jul 6, 2022
Reversible One-Way Hash in io.github.javaezlib:JavaEZ
High
CVE-2022-29249
was published
for
io.github.javaezlib:JavaEZ
(Maven)
May 25, 2022
Key confusion through non-blocklisted public key formats
High
CVE-2022-29217
was published
for
pyjwt
(pip)
May 24, 2022
Logic error in Matrix SDK for Android
Moderate
CVE-2021-40824
was published
for
org.matrix.android:matrix-android-sdk2
(Maven)
May 24, 2022
python-apt Flawed Package Integrity Check
Moderate
CVE-2019-15795
was published
for
python-apt
(pip)
May 24, 2022
Use of a weak cryptographic algorithm in Gradle
Low
CVE-2019-16370
was published
for
org.gradle:gradle-core
(Maven)
May 24, 2022
PHP JOSE Library by Gree Inc. Uses a Broken or Risky Cryptographic Algorithm
High
CVE-2016-5431
was published
for
gree/jose
(Composer)
May 24, 2022
Magento 2 Community Edition Cryptographic Flaw
High
CVE-2019-7858
was published
for
magento/community-edition
(Composer)
May 24, 2022
Use of a Broken or Risky Cryptographic Algorithm in XWiki Crypto API
Moderate
CVE-2022-29161
was published
for
org.xwiki.platform:xwiki-platform-crypto
(Maven)
May 24, 2022
Use of a Broken or Risky Cryptographic Algorithm in Apache Hadoop
Critical
CVE-2012-4449
was published
for
org.apache.hadoop:hadoop-client
(Maven)
May 17, 2022
Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J
High
CVE-2015-0226
was published
for
org.apache.ws.security:wss4j
(Maven)
May 14, 2022
Nablarch Incomplete Cryptography
Critical
CVE-2019-5919
was published
for
com.nablarch.framework:nablarch-fw-web
(Maven)
May 13, 2022
Incorrect MAC key used in the RC4-MD5 ciphersuite
Moderate
CVE-2022-1434
was published
for
openssl-src
(Rust)
May 4, 2022
Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J
Moderate
CVE-2011-2487
was published
for
org.apache.ws.security:wss4j
(Maven)
Apr 22, 2022
golang.org/x/crypto/ssh Denial of service via crafted Signer
High
CVE-2022-27191
was published
for
golang.org/x/crypto
(Go)
Mar 19, 2022
CBC padding oracle issue in AWS S3 Crypto SDK for golang
Moderate
CVE-2020-8911
was published
for
github.com/aws/aws-sdk-go
(Go)
Feb 11, 2022
In-band key negotiation issue in AWS S3 Crypto SDK for golang
Low
CVE-2020-8912
was published
for
github.com/aws/aws-sdk-go
(Go)
Feb 11, 2022
Command Injection in Apache James
Moderate
CVE-2021-38542
was published
for
org.apache.james:james-server
(Maven)
Jan 8, 2022
Use of a Broken or Risky Cryptographic Algorithm in Max Mazurov Maddy
High
CVE-2021-42583
was published
for
github.com/foxcpp/maddy
(Go)
Jan 6, 2022
Inadequate Encryption Strength in Apache NiFi
High
CVE-2020-9491
was published
for
org.apache.nifi:nifi
(Maven)
Jan 6, 2022
Laravel Framework XSS in Blade templating engine
Moderate
CVE-2021-43808
was published
for
illuminate/view
(Composer)
Dec 8, 2021
Use of Sha-1 in tusdotnet
Low
CVE-2021-44150
was published
for
tusdotnet
(NuGet)
Nov 29, 2021
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API