Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

415 advisories

Loading
Improper usage of symmetric encryption in UI Desktop for Windows (Version 0.59.1.71 and earlier)... Moderate Unreviewed
CVE-2023-28124 was published Apr 19, 2023
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE... Moderate Unreviewed
CVE-2023-29054 was published Apr 11, 2023
Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote... High Unreviewed
CVE-2023-27389 was published Apr 11, 2023
Experience Manager versions 6.5.15.0 (and earlier) are affected by a Weak Cryptography for... Moderate Unreviewed
CVE-2023-22271 was published Mar 22, 2023
An improper access control vulnerability exists prior to v6 that could allow an attacker to break... High Unreviewed
CVE-2023-23911 was published Mar 11, 2023
Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by... Critical Unreviewed
CVE-2022-45141 was published Mar 7, 2023
Driver Distributor v2.2.3.1 and earlier contains a vulnerability where passwords are stored in a... High Unreviewed
CVE-2022-43460 was published Feb 13, 2023
Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A... Moderate Unreviewed
CVE-2022-34445 was published Feb 11, 2023
SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version... Moderate Unreviewed
CVE-2022-34385 was published Feb 11, 2023
Improper cryptographic implementation in Samsung Flow for Android prior to version 4.9.04 allows... High Unreviewed
CVE-2023-21443 was published Feb 9, 2023
Improper cryptographic implementation in Samsung Flow for PC 4.9.14.0 allows adjacent attackers... High Unreviewed
CVE-2023-21444 was published Feb 9, 2023
An unauthorized user with network access and the decryption key could decrypt sensitive data,... High Unreviewed
CVE-2022-38469 was published Jan 18, 2023
DES cipher, which has inadequate encryption strength, is used Hitachi Energy FOXMAN-UN to encrypt... Moderate Unreviewed
CVE-2021-40341 was published Jan 6, 2023
AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field Moderate
CVE-2022-2582 was published for github.com/aws/aws-sdk-go (Go) Dec 28, 2022
knqyf263
Certain General Electric Renewable Energy products have inadequate encryption strength. This... Critical Unreviewed
CVE-2022-24116 was published Dec 26, 2022
When viewing an email message A, which contains an attached message B, where B is encrypted or... Moderate Unreviewed
CVE-2022-1520 was published Dec 22, 2022
In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is... High Unreviewed
CVE-2022-38659 was published Dec 19, 2022
In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open... Low Unreviewed
CVE-2022-46825 was published Dec 8, 2022
The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up... Moderate Unreviewed
CVE-2022-4036 was published Nov 29, 2022
Whole-script approval in Jenkins Script Security Plugin vulnerable to SHA-1 collisions High
CVE-2022-45379 was published for org.jenkins-ci.plugins:script-security (Maven) Nov 16, 2022
NotMyFault
The application was signed using a key length less than or equal to 1024 bits, making it... High Unreviewed
CVE-2020-4099 was published Nov 1, 2022
The Passster WordPress plugin before 3.5.5.5.2 stores the password inside a cookie named ... Moderate Unreviewed
CVE-2022-3206 was published Oct 17, 2022
SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses encryption method... Moderate Unreviewed
CVE-2022-41209 was published Oct 12, 2022
An entity in Network Configuration Manager product is misconfigured and exposing password field... Moderate Unreviewed
CVE-2021-35226 was published Oct 11, 2022
The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse... Moderate Unreviewed
CVE-2022-3433 was published Oct 11, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database