Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

398 advisories

Loading
Weak encryption in Ninja Core Moderate
CVE-2024-36823 was published for org.ninjaframework:ninja-core (Maven) Jun 7, 2024
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain or modify sensitive... Low Unreviewed
CVE-2023-37397 was published Apr 19, 2024
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information... Moderate Unreviewed
CVE-2022-40745 was published Apr 19, 2024
When a Brocade SANnav installation is upgraded from Brocade SANnav v2.2.2 to Brocade SANnav 2.3.0... High Unreviewed
CVE-2024-29969 was published Apr 19, 2024
Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not... Moderate Unreviewed
CVE-2024-29951 was published Apr 17, 2024
The class FileTransfer implemented in Brocade SANnav before v2.3.1, v2.3.0a, uses the ssh-rsa... High Unreviewed
CVE-2024-29950 was published Apr 17, 2024
A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an... Moderate Unreviewed
CVE-2024-3387 was published Apr 10, 2024
Cilium has insecure IPsec transport encryption High
CVE-2024-28860 was published for github.com/cilium/cilium (Go) Mar 28, 2024
pchaigno NikAleksandrov
iokill marshrayms
IBM Security Verify Directory 10.0.0 uses weaker than expected cryptographic algorithms that... Moderate Unreviewed
CVE-2022-32753 was published Mar 22, 2024
This vulnerability exists in AppSamvid software due to the usage of a weaker cryptographic... High Unreviewed
CVE-2024-25102 was published Mar 6, 2024
This vulnerability exists in USB Pratirodh due to the usage of a weaker cryptographic algorithm ... High Unreviewed
CVE-2024-1224 was published Mar 6, 2024
An issue in AIT-Deutschland Alpha Innotec Heatpumps wp2reg-V.3.88.0-9015 and Novelan Heatpumps... Moderate Unreviewed
CVE-2024-22894 was published Jan 30, 2024
Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers High
CVE-2024-23656 was published for github.com/dexidp/dex (Go) Jan 26, 2024
tuminoid
Lantronix XPort sends weakly encoded credentials within web request headers. Moderate Unreviewed
CVE-2023-7237 was published Jan 24, 2024
Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability Moderate Unreviewed
CVE-2024-20692 was published Jan 9, 2024
Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allows attackers to create a... Moderate Unreviewed
CVE-2023-26943 was published Dec 5, 2023
Weak encryption mechanisms in RFID Tags in Yale Conexis L1 v1.1.0 allows attackers to create a... Moderate Unreviewed
CVE-2023-26941 was published Dec 5, 2023
Weak encryption mechanisms in RFID Tags in Yale IA-210 Alarm v1.0 allows attackers to create a... Moderate Unreviewed
CVE-2023-26942 was published Dec 5, 2023
Access to critical Unified Diagnostics Services (UDS) of the Modular Infotainment Platform 3 ... Low Unreviewed
CVE-2023-28896 was published Dec 1, 2023
An issue discovered in Acer Wireless Keyboard SK-9662 allows attacker in physical proximity to... Moderate Unreviewed
CVE-2023-48034 was published Nov 27, 2023
upydev has weak encryption padding High
CVE-2023-48051 was published for upydev (pip) Nov 21, 2023
Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and... Moderate Unreviewed
CVE-2023-43757 was published Nov 16, 2023
esptool allows attackers to view sensitive information via weak cryptographic algorithm High
CVE-2023-46894 was published for esptool (pip) Nov 9, 2023
The leakage of channel access token in UPDATESALON C-LOUNGE Line 13.6.1 allows remote attackers... Moderate Unreviewed
CVE-2023-47372 was published Nov 9, 2023
The leakage of channel access token in best_training_member Line 13.6.1 allows remote attackers... Moderate Unreviewed
CVE-2023-47369 was published Nov 9, 2023
ProTip! Advisories are also available from the GraphQL API