GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
194 advisories
Filter by severity
Missing cryptographic steps in the Identity-Based Encryption service of FortiMail before 7.0.0...
Moderate
Unreviewed
CVE-2021-26099
was published
May 24, 2022
An attacker may perform a DoS attack to prevent a user from sending encrypted email to a...
Moderate
Unreviewed
CVE-2021-23993
was published
May 24, 2022
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired...
Moderate
Unreviewed
CVE-2020-24588
was published
May 24, 2022
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired...
Moderate
Unreviewed
CVE-2020-24587
was published
May 24, 2022
A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms...
Moderate
Unreviewed
CVE-2021-3446
was published
May 24, 2022
IBM Security Verify Bridge uses weaker than expected cryptographic algorithms that could allow an...
Moderate
Unreviewed
CVE-2021-20441
was published
May 24, 2022
IBM Security Verify Information Queue 1.0.6 and 1.0.7 uses weaker than expected cryptographic...
Moderate
Unreviewed
CVE-2021-20406
was published
May 24, 2022
In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default.
Moderate
Unreviewed
CVE-2021-25763
was published
May 24, 2022
In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible.
Moderate
Unreviewed
CVE-2021-25761
was published
May 24, 2022
Archer before 6.8 P2 (6.8.0.2) is affected by a path exposure vulnerability. A remote...
Moderate
Unreviewed
CVE-2020-29536
was published
May 24, 2022
IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic...
Moderate
Unreviewed
CVE-2020-4968
was published
May 24, 2022
Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications...
Moderate
Unreviewed
CVE-2020-20950
was published
May 24, 2022
Use of a Broken or Risky Cryptographic Algorithm vulnerability in McAfee Database Security Server...
Moderate
Unreviewed
CVE-2020-7339
was published
May 24, 2022
IBM Cloud Pak for Security 1.3.0.1 (CP4S) uses weaker than expected cryptographic algorithms...
Moderate
Unreviewed
CVE-2020-4624
was published
May 24, 2022
Untangle Firewall NG before 16.0 uses MD5 for passwords.
Moderate
Unreviewed
CVE-2020-17494
was published
May 24, 2022
In versions 14.1.0-14.1.0.1 and 14.1.2.5-14.1.2.7, when a BIG-IP object is created or listed...
Moderate
Unreviewed
CVE-2020-5943
was published
May 24, 2022
During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time...
Moderate
Unreviewed
CVE-2020-12401
was published
May 24, 2022
In mainwindow.cpp in Shotcut before 20.09.13, the upgrade check misuses TLS because of...
Moderate
Unreviewed
CVE-2020-24619
was published
May 24, 2022
A information disclosure vulnerability exists when TLS components use weak hash algorithms, aka ...
Moderate
Unreviewed
CVE-2020-1596
was published
May 24, 2022
During RSA key generation, bignum implementations used a variation of the Binary Extended...
Moderate
Unreviewed
CVE-2020-12402
was published
May 24, 2022
A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy T300 ...
Moderate
Unreviewed
CVE-2020-7511
was published
May 24, 2022
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of...
Moderate
Unreviewed
CVE-2020-13777
was published
May 24, 2022
airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash of 0123425234234fsdfsdr3242...
Moderate
Unreviewed
CVE-2020-11876
was published
May 24, 2022
An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that...
Moderate
Unreviewed
CVE-2020-10932
was published
May 24, 2022
wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing...
Moderate
Unreviewed
CVE-2020-11713
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API