GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
415 advisories
Filter by severity
Improper usage of symmetric encryption in UI Desktop for Windows (Version 0.59.1.71 and earlier)...
Moderate
Unreviewed
CVE-2023-28124
was published
Apr 19, 2023
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE...
Moderate
Unreviewed
CVE-2023-29054
was published
Apr 11, 2023
Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote...
High
Unreviewed
CVE-2023-27389
was published
Apr 11, 2023
Experience Manager versions 6.5.15.0 (and earlier) are affected by a Weak Cryptography for...
Moderate
Unreviewed
CVE-2023-22271
was published
Mar 22, 2023
An improper access control vulnerability exists prior to v6 that could allow an attacker to break...
High
Unreviewed
CVE-2023-23911
was published
Mar 11, 2023
Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by...
Critical
Unreviewed
CVE-2022-45141
was published
Mar 7, 2023
Driver Distributor v2.2.3.1 and earlier contains a vulnerability where passwords are stored in a...
High
Unreviewed
CVE-2022-43460
was published
Feb 13, 2023
Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A...
Moderate
Unreviewed
CVE-2022-34445
was published
Feb 11, 2023
SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version...
Moderate
Unreviewed
CVE-2022-34385
was published
Feb 11, 2023
Improper cryptographic implementation in Samsung Flow for Android prior to version 4.9.04 allows...
High
Unreviewed
CVE-2023-21443
was published
Feb 9, 2023
Improper cryptographic implementation in Samsung Flow for PC 4.9.14.0 allows adjacent attackers...
High
Unreviewed
CVE-2023-21444
was published
Feb 9, 2023
An unauthorized user with network access and the decryption key could decrypt sensitive data,...
High
Unreviewed
CVE-2022-38469
was published
Jan 18, 2023
DES cipher, which has inadequate encryption strength, is used Hitachi Energy FOXMAN-UN to encrypt...
Moderate
Unreviewed
CVE-2021-40341
was published
Jan 6, 2023
AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field
Moderate
CVE-2022-2582
was published
for
github.com/aws/aws-sdk-go
(Go)
Dec 28, 2022
Certain General Electric Renewable Energy products have inadequate encryption strength. This...
Critical
Unreviewed
CVE-2022-24116
was published
Dec 26, 2022
When viewing an email message A, which contains an attached message B, where B is encrypted or...
Moderate
Unreviewed
CVE-2022-1520
was published
Dec 22, 2022
In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is...
High
Unreviewed
CVE-2022-38659
was published
Dec 19, 2022
In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open...
Low
Unreviewed
CVE-2022-46825
was published
Dec 8, 2022
The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up...
Moderate
Unreviewed
CVE-2022-4036
was published
Nov 29, 2022
Whole-script approval in Jenkins Script Security Plugin vulnerable to SHA-1 collisions
High
CVE-2022-45379
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
Nov 16, 2022
The application was signed using a key length less than or equal to 1024 bits, making it...
High
Unreviewed
CVE-2020-4099
was published
Nov 1, 2022
The Passster WordPress plugin before 3.5.5.5.2 stores the password inside a cookie named ...
Moderate
Unreviewed
CVE-2022-3206
was published
Oct 17, 2022
SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses encryption method...
Moderate
Unreviewed
CVE-2022-41209
was published
Oct 12, 2022
An entity in Network Configuration Manager product is misconfigured and exposing password field...
Moderate
Unreviewed
CVE-2021-35226
was published
Oct 11, 2022
The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse...
Moderate
Unreviewed
CVE-2022-3433
was published
Oct 11, 2022
ProTip!
Advisories are also available from the
GraphQL API