Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

446 advisories

Loading
Unauthenticated crypto and weak IV in Magento\Framework\Encryption High
CVE-2016-6485 was published for magento/community-edition (Composer) Nov 20, 2019
Password Hashing: Do not use MD5 Low
CVE-2020-5229 was published for org.opencastproject:opencast-common-jpa-impl (Maven) Jan 30, 2020
Insecure Cryptography Algorithm in parsel Critical
GHSA-wqgx-4q47-j2w5 was published for parsel (npm) Sep 4, 2020
Unauthenticated Remote Code Execution in Apache JMeter Critical
CVE-2019-0187 was published for org.apache.jmeter:ApacheJMeter (Maven) Mar 7, 2019
Ciphertext Malleability Issue in Tink Java Low
CVE-2020-8929 was published for com.google.crypto.tink:tink (Maven) Oct 16, 2020
reteptilian
IBM UrbanCode Deploy (UCD) 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic... High Unreviewed
CVE-2022-22327 was published Apr 2, 2022
The use of a broken or risky cryptographic algorithm in Philips Vue PACS versions 12.2.x.x and... High Unreviewed
CVE-2021-33018 was published Apr 3, 2022
A use of a broken or risky cryptographic algorithm vulnerability [CWE-327] in the Dynamic Tunnel... Moderate Unreviewed
CVE-2021-32593 was published Apr 7, 2022
Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptographic algorithms. A remote... Critical Unreviewed
CVE-2022-26854 was published Apr 9, 2022
Dell PowerScale OneFS, version 9.3.0, contains a use of a broken or risky cryptographic algorithm... High Unreviewed
CVE-2022-22559 was published Apr 13, 2022
IBM Security Guardium 10.5 and 11.3 uses weaker than expected cryptographic algorithms that could... High Unreviewed
CVE-2021-39076 was published Apr 20, 2022
The Bulletproofs 2017/1066 paper mishandles Fiat-Shamir generation because the hash computation... High Unreviewed
CVE-2022-29566 was published Apr 22, 2022
In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information... Moderate Unreviewed
CVE-2021-45486 was published Dec 26, 2021
An exploitable information disclosure vulnerability exists in the Weave PASE pairing... Critical Unreviewed
CVE-2019-5035 was published May 24, 2022
In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an... High Unreviewed
CVE-2021-45485 was published Dec 26, 2021
Use of a Broken or Risky Cryptographic Algorithm in Apache Hadoop Critical
CVE-2012-4449 was published for org.apache.hadoop:hadoop-client (Maven) May 17, 2022
steghide 0.5.1 relies on a certain 32-bit seed value, which makes it easier for attackers to... High Unreviewed
CVE-2021-27211 was published May 24, 2022
BigBlueButton through 2.2.28 uses STUN/TURN resources from a third party, which may represent an... High Unreviewed
CVE-2020-27611 was published May 24, 2022
There is insecure algorithm vulnerability in Huawei products. A module uses less random input in... High Unreviewed
CVE-2021-22309 was published May 24, 2022
An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of... High Unreviewed
CVE-2019-5163 was published May 24, 2022
Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute... High Unreviewed
CVE-2021-33582 was published May 24, 2022
An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that... Moderate Unreviewed
CVE-2020-10932 was published May 24, 2022
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated... Low Unreviewed
CVE-2021-34688 was published May 24, 2022
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD... High Unreviewed
CVE-2022-24296 was published Jun 9, 2022
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer.... High Unreviewed
CVE-2021-27457 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database