Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,029
Erlang
29
GitHub Actions
16
Go
1,833
Maven
5,000+
npm
3,573
NuGet
632
pip
3,160
Pub
10
RubyGems
847
Rust
798
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

144 advisories

Loading
In NetBSD through 9.2, there is an information leak in the TCP ISN (ISS) generation algorithm. High Unreviewed
CVE-2021-45488 was published Dec 26, 2021
In NetBSD through 9.2, the IPv4 ID generation algorithm does not use appropriate cryptographic... High Unreviewed
CVE-2021-45487 was published Dec 26, 2021
The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm that allows an attacker to... High Unreviewed
CVE-2021-46559 was published Jan 27, 2022
A vulnerability in the software cryptography module of the Cisco Adaptive Security Virtual... High Unreviewed
CVE-2019-1706 was published May 24, 2022
The combination of various cryptographic issues in the session management of FortiMail 6.4.0... High Unreviewed
CVE-2021-26095 was published May 24, 2022
An insufficiently protected credentials issue was discovered in Intland codeBeamer ALM 10.x... High Unreviewed
CVE-2020-26515 was published May 24, 2022
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported... High Unreviewed
CVE-2021-2351 was published May 24, 2022
In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt... High Unreviewed
CVE-2021-45450 was published Dec 22, 2021
HCL DRYiCE MyXalytics is impacted by the use of a broken cryptographic algorithm for encryption,... High Unreviewed
CVE-2023-50350 was published Jan 3, 2024
The authentication cookies are generated using an algorithm based on the username, hardcoded... High Unreviewed
CVE-2023-49259 was published Jan 12, 2024
Sympa before 6.2.62 relies on a cookie parameter for certain security objectives, but does not... High Unreviewed
CVE-2021-46900 was published Dec 31, 2023
The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 uses weak... High Unreviewed
CVE-2007-4150 was published May 1, 2022
Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation... High Unreviewed
CVE-2007-5460 was published May 1, 2022
Dell PowerScale OneFS 8.2.x through 9.6.0.x contains a use of a broken or risky cryptographic... High Unreviewed
CVE-2024-22463 was published Mar 4, 2024
HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cryptographic Algorithm. High Unreviewed
CVE-2022-37177 was published Aug 30, 2022
Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords. High Unreviewed
CVE-2012-5623 was published Apr 23, 2022
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 uses weaker than expected... High Unreviewed
CVE-2019-4399 was published May 24, 2022
wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, leading to fault injection in... High Unreviewed
CVE-2019-19962 was published May 24, 2022
The HTTP Authentication library before 2019-12-27 for Nim has weak password hashing because the... High Unreviewed
CVE-2019-20138 was published May 24, 2022
A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy... High Unreviewed
CVE-2020-7514 was published May 24, 2022
IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1.02, 6.2.0.00 through 6.2.2... High Unreviewed
CVE-2023-27557 was published Apr 28, 2023
IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11... High Unreviewed
CVE-2023-30441 was published Apr 29, 2023
A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2... High Unreviewed
CVE-2022-45858 was published May 4, 2023
IBM QRadar Data Synchronization App 1.0 through 3.0.1 uses weaker than expected cryptographic... High Unreviewed
CVE-2022-22313 was published May 6, 2023
CloudLink 7.1.2 and all prior versions contain a broken or risky cryptographic algorithm... High Unreviewed
CVE-2023-28076 was published May 16, 2023
ProTip! Advisories are also available from the GraphQL API