GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
167 advisories
Filter by severity
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel...
Moderate
Unreviewed
CVE-2018-0735
was published
May 13, 2022
The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in...
Moderate
Unreviewed
CVE-2021-43550
was published
Dec 28, 2021
An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol...
Moderate
Unreviewed
CVE-2021-45081
was published
Feb 21, 2022
A risky-algorithm issue was discovered on Fujifilm DocuCentre-VI C4471 1.8 devices. An attacker...
Moderate
Unreviewed
CVE-2021-43774
was published
Mar 4, 2022
IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic...
Moderate
Unreviewed
CVE-2019-4156
was published
May 24, 2022
Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum...
Moderate
Unreviewed
CVE-2021-36647
was published
Jan 17, 2023
The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health...
Moderate
Unreviewed
CVE-2023-0296
was published
Jan 17, 2023
It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen...
Moderate
Unreviewed
CVE-2018-10844
was published
May 13, 2022
It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen...
Moderate
Unreviewed
CVE-2018-10845
was published
May 13, 2022
A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM...
Moderate
Unreviewed
CVE-2018-10846
was published
May 13, 2022
All versions of Econolite EOS traffic control software are vulnerable to CWE-328: Use of Weak...
Moderate
Unreviewed
CVE-2023-0452
was published
Jan 26, 2023
IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker...
Moderate
Unreviewed
CVE-2022-35720
was published
Feb 8, 2023
During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time...
Moderate
Unreviewed
CVE-2020-12401
was published
May 24, 2022
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of...
Moderate
Unreviewed
CVE-2020-13777
was published
May 24, 2022
Dell EMC Unity versions before 5.2.0.0.5.173 , use(es) broken cryptographic algorithm. A remote...
Moderate
Unreviewed
CVE-2022-22564
was published
Feb 14, 2023
Dell Secure Connect Gateway (SCG) version 5.14.00.12 contains a broken cryptographic algorithm...
Moderate
Unreviewed
CVE-2023-23695
was published
Feb 17, 2023
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired...
Moderate
Unreviewed
CVE-2020-24587
was published
May 24, 2022
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired...
Moderate
Unreviewed
CVE-2020-24588
was published
May 24, 2022
IBM Security Verify Information Queue 1.0.6 and 1.0.7 uses weaker than expected cryptographic...
Moderate
Unreviewed
CVE-2021-20406
was published
May 24, 2022
Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar...
Moderate
Unreviewed
CVE-2022-0377
was published
Mar 1, 2022
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C...
Moderate
Unreviewed
CVE-2022-21800
was published
Feb 19, 2022
A vulnerability in the automatic decryption process in Cisco Umbrella Secure Web Gateway (SWG)...
Moderate
Unreviewed
CVE-2022-20805
was published
Apr 22, 2022
WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An...
Moderate
Unreviewed
CVE-2022-29835
was published
Sep 20, 2022
In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible.
Moderate
Unreviewed
CVE-2021-25761
was published
May 24, 2022
Meow hash 0.5/calico does not sufficiently thwart key recovery by an attacker who can query...
Moderate
Unreviewed
CVE-2021-37606
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API