GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
398 advisories
Filter by severity
Weak encryption in Ninja Core
Moderate
CVE-2024-36823
was published
for
org.ninjaframework:ninja-core
(Maven)
Jun 7, 2024
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain or modify sensitive...
Low
Unreviewed
CVE-2023-37397
was published
Apr 19, 2024
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information...
Moderate
Unreviewed
CVE-2022-40745
was published
Apr 19, 2024
When a Brocade SANnav installation is upgraded from Brocade SANnav v2.2.2 to Brocade SANnav 2.3.0...
High
Unreviewed
CVE-2024-29969
was published
Apr 19, 2024
Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not...
Moderate
Unreviewed
CVE-2024-29951
was published
Apr 17, 2024
The class FileTransfer implemented in Brocade SANnav before v2.3.1, v2.3.0a, uses the ssh-rsa...
High
Unreviewed
CVE-2024-29950
was published
Apr 17, 2024
A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an...
Moderate
Unreviewed
CVE-2024-3387
was published
Apr 10, 2024
Cilium has insecure IPsec transport encryption
High
CVE-2024-28860
was published
for
github.com/cilium/cilium
(Go)
Mar 28, 2024
IBM Security Verify Directory 10.0.0 uses weaker than expected cryptographic algorithms that...
Moderate
Unreviewed
CVE-2022-32753
was published
Mar 22, 2024
This vulnerability exists in AppSamvid software due to the usage of a weaker cryptographic...
High
Unreviewed
CVE-2024-25102
was published
Mar 6, 2024
This vulnerability exists in USB Pratirodh due to the usage of a weaker cryptographic algorithm ...
High
Unreviewed
CVE-2024-1224
was published
Mar 6, 2024
An issue in AIT-Deutschland Alpha Innotec Heatpumps wp2reg-V.3.88.0-9015 and Novelan Heatpumps...
Moderate
Unreviewed
CVE-2024-22894
was published
Jan 30, 2024
Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers
High
CVE-2024-23656
was published
for
github.com/dexidp/dex
(Go)
Jan 26, 2024
Lantronix XPort sends weakly encoded credentials within web request headers.
Moderate
Unreviewed
CVE-2023-7237
was published
Jan 24, 2024
Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
Moderate
Unreviewed
CVE-2024-20692
was published
Jan 9, 2024
Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allows attackers to create a...
Moderate
Unreviewed
CVE-2023-26943
was published
Dec 5, 2023
Weak encryption mechanisms in RFID Tags in Yale Conexis L1 v1.1.0 allows attackers to create a...
Moderate
Unreviewed
CVE-2023-26941
was published
Dec 5, 2023
Weak encryption mechanisms in RFID Tags in Yale IA-210 Alarm v1.0 allows attackers to create a...
Moderate
Unreviewed
CVE-2023-26942
was published
Dec 5, 2023
Access to critical Unified Diagnostics Services (UDS) of the Modular Infotainment Platform 3 ...
Low
Unreviewed
CVE-2023-28896
was published
Dec 1, 2023
An issue discovered in Acer Wireless Keyboard SK-9662 allows attacker in physical proximity to...
Moderate
Unreviewed
CVE-2023-48034
was published
Nov 27, 2023
Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and...
Moderate
Unreviewed
CVE-2023-43757
was published
Nov 16, 2023
esptool allows attackers to view sensitive information via weak cryptographic algorithm
High
CVE-2023-46894
was published
for
esptool
(pip)
Nov 9, 2023
The leakage of channel access token in UPDATESALON C-LOUNGE Line 13.6.1 allows remote attackers...
Moderate
Unreviewed
CVE-2023-47372
was published
Nov 9, 2023
The leakage of channel access token in best_training_member Line 13.6.1 allows remote attackers...
Moderate
Unreviewed
CVE-2023-47369
was published
Nov 9, 2023
ProTip!
Advisories are also available from the
GraphQL API