Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

422 advisories

Loading
Unauthenticated crypto and weak IV in Magento\Framework\Encryption High
CVE-2016-6485 was published for magento/community-edition (Composer) Nov 20, 2019
Password Hashing: Do not use MD5 Low
CVE-2020-5229 was published for org.opencastproject:opencast-common-jpa-impl (Maven) Jan 30, 2020
Insecure Cryptography Algorithm in parsel Critical
GHSA-wqgx-4q47-j2w5 was published for parsel (npm) Sep 4, 2020
Unauthenticated Remote Code Execution in Apache JMeter Critical
CVE-2019-0187 was published for org.apache.jmeter:ApacheJMeter (Maven) Mar 7, 2019
Ciphertext Malleability Issue in Tink Java Low
CVE-2020-8929 was published for com.google.crypto.tink:tink (Maven) Oct 16, 2020
reteptilian
IBM UrbanCode Deploy (UCD) 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic... High Unreviewed
CVE-2022-22327 was published Apr 2, 2022
The use of a broken or risky cryptographic algorithm in Philips Vue PACS versions 12.2.x.x and... High Unreviewed
CVE-2021-33018 was published Apr 3, 2022
A use of a broken or risky cryptographic algorithm vulnerability [CWE-327] in the Dynamic Tunnel... Moderate Unreviewed
CVE-2021-32593 was published Apr 7, 2022
Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptographic algorithms. A remote... Critical Unreviewed
CVE-2022-26854 was published Apr 9, 2022
Dell PowerScale OneFS, version 9.3.0, contains a use of a broken or risky cryptographic algorithm... High Unreviewed
CVE-2022-22559 was published Apr 13, 2022
IBM Security Guardium 10.5 and 11.3 uses weaker than expected cryptographic algorithms that could... High Unreviewed
CVE-2021-39076 was published Apr 20, 2022
The Bulletproofs 2017/1066 paper mishandles Fiat-Shamir generation because the hash computation... High Unreviewed
CVE-2022-29566 was published Apr 22, 2022
In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information... Moderate Unreviewed
CVE-2021-45486 was published Dec 26, 2021
An exploitable information disclosure vulnerability exists in the Weave PASE pairing... Critical Unreviewed
CVE-2019-5035 was published May 24, 2022
In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an... High Unreviewed
CVE-2021-45485 was published Dec 26, 2021
Use of a Broken or Risky Cryptographic Algorithm in Apache Hadoop Critical
CVE-2012-4449 was published for org.apache.hadoop:hadoop-client (Maven) May 17, 2022
steghide 0.5.1 relies on a certain 32-bit seed value, which makes it easier for attackers to... High Unreviewed
CVE-2021-27211 was published May 24, 2022
BigBlueButton through 2.2.28 uses STUN/TURN resources from a third party, which may represent an... High Unreviewed
CVE-2020-27611 was published May 24, 2022
There is insecure algorithm vulnerability in Huawei products. A module uses less random input in... High Unreviewed
CVE-2021-22309 was published May 24, 2022
An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of... High Unreviewed
CVE-2019-5163 was published May 24, 2022
Key confusion through non-blocklisted public key formats High
CVE-2022-29217 was published for pyjwt (pip) May 24, 2022
aapooksman
Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute... High Unreviewed
CVE-2021-33582 was published May 24, 2022
An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that... Moderate Unreviewed
CVE-2020-10932 was published May 24, 2022
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated... Low Unreviewed
CVE-2021-34688 was published May 24, 2022
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD... High Unreviewed
CVE-2022-24296 was published Jun 9, 2022
ProTip! Advisories are also available from the GraphQL API