GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
144 advisories
In NetBSD through 9.2, there is an information leak in the TCP ISN (ISS) generation algorithm.
High | Unreviewed | CVE-2021-45488 was published Dec 26, 2021

In NetBSD through 9.2, the IPv4 ID generation algorithm does not use appropriate cryptographic...
High | Unreviewed | CVE-2021-45487 was published Dec 26, 2021

The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm that allows an attacker to...
High | Unreviewed | CVE-2021-46559 was published Jan 27, 2022

A vulnerability in the software cryptography module of the Cisco Adaptive Security Virtual...
High | Unreviewed | CVE-2019-1706 was published May 24, 2022

The combination of various cryptographic issues in the session management of FortiMail 6.4.0...
High | Unreviewed | CVE-2021-26095 was published May 24, 2022

An insufficiently protected credentials issue was discovered in Intland codeBeamer ALM 10.x...
High | Unreviewed | CVE-2020-26515 was published May 24, 2022

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported...
High | Unreviewed | CVE-2021-2351 was published May 24, 2022

In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt...
High | Unreviewed | CVE-2021-45450 was published Dec 22, 2021

HCL DRYiCE MyXalytics is impacted by the use of a broken cryptographic algorithm for encryption,...
High | Unreviewed | CVE-2023-50350 was published Jan 3, 2024

The authentication cookies are generated using an algorithm based on the username, hardcoded...
High | Unreviewed | CVE-2023-49259 was published Jan 12, 2024

Sympa before 6.2.62 relies on a cookie parameter for certain security objectives, but does not...
High | Unreviewed | CVE-2021-46900 was published Dec 31, 2023

The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 uses weak...
High | Unreviewed | CVE-2007-4150 was published May 1, 2022

Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation...
High | Unreviewed | CVE-2007-5460 was published May 1, 2022

Dell PowerScale OneFS 8.2.x through 9.6.0.x contains a use of a broken or risky cryptographic...
High | Unreviewed | CVE-2024-22463 was published Mar 4, 2024

HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cryptographic Algorithm.
High | Unreviewed | CVE-2022-37177 was published Aug 30, 2022

Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords.
High | Unreviewed | CVE-2012-5623 was published Apr 23, 2022

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 uses weaker than expected...
High | Unreviewed | CVE-2019-4399 was published May 24, 2022

wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, leading to fault injection in...
High | Unreviewed | CVE-2019-19962 was published May 24, 2022

The HTTP Authentication library before 2019-12-27 for Nim has weak password hashing because the...
High | Unreviewed | CVE-2019-20138 was published May 24, 2022

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy...
High | Unreviewed | CVE-2020-7514 was published May 24, 2022

IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1.02, 6.2.0.00 through 6.2.2...
High | Unreviewed | CVE-2023-27557 was published Apr 28, 2023

IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11...
High | Unreviewed | CVE-2023-30441 was published Apr 29, 2023

A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2...
High | Unreviewed | CVE-2022-45858 was published May 4, 2023

IBM QRadar Data Synchronization App 1.0 through 3.0.1 uses weaker than expected cryptographic...
High | Unreviewed | CVE-2022-22313 was published May 6, 2023

CloudLink 7.1.2 and all prior versions contain a broken or risky cryptographic algorithm...
High | Unreviewed | CVE-2023-28076 was published May 16, 2023