GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
194 advisories
GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is...
Moderate | Unreviewed | CVE-2020-11501 was published May 24, 2022

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow weak hashing algorithm and...
Moderate | Unreviewed | CVE-2020-10601 was published May 24, 2022

An issue was discovered in Open Source Social Network (OSSN) through 5.3. A user-controlled file...
Moderate | Unreviewed | CVE-2020-10560 was published May 24, 2022

python-apt Flawed Package Integrity Check
Moderate | CVE-2019-15795 was published for python-apt (pip) May 24, 2022

openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a94152378611e API key rather than...
Moderate | Unreviewed | CVE-2020-10788 was published May 24, 2022

A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR...
Moderate | Unreviewed | CVE-2019-19299 was published May 24, 2022

There is a weak algorithm vulnerability in some Huawei products. The affected products use weak...
Moderate | Unreviewed | CVE-2019-19397 was published May 24, 2022

STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the...
Moderate | Unreviewed | CVE-2019-16863 was published May 24, 2022

The Wireless Emergency Alerts (WEA) protocol allows remote attackers to spoof a Presidential...
Moderate | Unreviewed | CVE-2019-18659 was published May 24, 2022

On certain Samsung P(9.0) phones, an attacker with physical access can start a TCP Dump capture...
Moderate | Unreviewed | CVE-2019-11341 was published May 24, 2022

"managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used...
Moderate | Unreviewed | CVE-2018-5745 was published May 24, 2022

MatrixSSL 4.2.1 and earlier contains a timing side channel in ECDSA signature generation. This...
Moderate | Unreviewed | CVE-2019-13629 was published May 24, 2022

EnterpriseDT CompleteFTP Server prior to version 12.1.3 is vulnerable to information exposure in...
Moderate | Unreviewed | CVE-2019-16116 was published May 24, 2022

In situations where an attacker receives automated notification of the success or failure of a...
Moderate | Unreviewed | CVE-2019-1563 was published May 24, 2022

An issue was discovered in Total.js CMS 12.0.0. A low privilege user can perform a simple...
Moderate | Unreviewed | CVE-2019-15955 was published May 24, 2022

The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses...
Moderate | Unreviewed | CVE-2018-18371 was published May 24, 2022

A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC (All...
Moderate | Unreviewed | CVE-2019-10929 was published May 24, 2022

There is a short key vulnerability in HID Global DigitalPersona (formerly Crossmatch) U.are.U...
Moderate | Unreviewed | CVE-2019-13604 was published May 24, 2022

IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic...
Moderate | Unreviewed | CVE-2019-4156 was published May 24, 2022

Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor...
Moderate | Unreviewed | CVE-2019-9836 was published May 24, 2022

HAProxy before 1.9.7 mishandles a reload with rotated keys, which triggers use of uninitialized,...
Moderate | Unreviewed | CVE-2019-11323 was published May 24, 2022

Use of a Broken or Risky Cryptographic Algorithm in XWiki Crypto API
Moderate | CVE-2022-29161 was published for org.xwiki.platform:xwiki-platform-crypto (Maven) May 24, 2022

Due to the use of an insecure algorithm for rolling codes in MCK Smartlock 1.0, allows attackers...
Moderate | Unreviewed | CVE-2022-30111 was published May 19, 2022

FusionSphere OpenStack V100R006C00SPC102(NFV) has a weak cryptographic algorithm vulnerability....
Moderate | Unreviewed | CVE-2017-8191 was published May 14, 2022

Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 share a fixed small...
Moderate | Unreviewed | CVE-2017-8866 was published May 14, 2022