Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

415 advisories

Loading
Pycrypto generates weak key parameters High
CVE-2018-6594 was published for pycrypto (pip) Jul 12, 2018
In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode High
CVE-2016-1000352 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
RSA weakness in tslite-ng Low
CVE-2020-26263 was published for tlslite-ng (pip) Dec 21, 2020
tomato42
CLI does not correctly implement strict mode Low
GHSA-2xwp-m7mq-7q3r was published for aws-encryption-sdk-cli (pip) Oct 28, 2020
Inadequate Encryption Strength Critical
CVE-2017-1000486 was published for org.primefaces:primefaces (Maven) Jun 3, 2021
yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by... Low Unreviewed
CVE-2020-12872 was published May 24, 2022
An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker... High Unreviewed
CVE-2021-37188 was published Dec 11, 2021
Assuming a database breach, nonce reuse issues in GitLab 11.6+ allows an attacker to decrypt some... High Unreviewed
CVE-2021-22170 was published Dec 7, 2021
An attacker could decipher the encryption and gain access to MDT AutoSave versions prior to v6.02... High Unreviewed
CVE-2021-32945 was published Apr 3, 2022
An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker who... High Unreviewed
CVE-2021-45104 was published Apr 7, 2022
Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient protections for the UART... High Unreviewed
CVE-2021-20161 was published Dec 31, 2021
Inadequate Encryption Strength in Jenkins Moderate
CVE-2017-2598 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Dell PowerScale OneFS 8.1.0 - 9.1.0 contains an LDAP Provider inability to connect over TLSv1.2... Critical Unreviewed
CVE-2020-26197 was published May 24, 2022
IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expected cryptographic... High Unreviewed
CVE-2021-29694 was published May 24, 2022
The NPort IA5000A Series devices use Telnet as one of the network device management services.... Moderate Unreviewed
CVE-2020-27184 was published May 24, 2022
Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2... Moderate Unreviewed
CVE-2021-31615 was published May 24, 2022
Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks. High Unreviewed
CVE-2021-28213 was published May 24, 2022
In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic... Critical Unreviewed
CVE-2021-27200 was published May 24, 2022
IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow... High Unreviewed
CVE-2020-4965 was published May 24, 2022
A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4... Critical Unreviewed
CVE-2021-24020 was published May 24, 2022
In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data. Moderate Unreviewed
CVE-2021-37587 was published May 24, 2022
In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256. Moderate Unreviewed
CVE-2021-37551 was published May 24, 2022
IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 uses an insecure SSH server configuration which... High Unreviewed
CVE-2021-29794 was published May 24, 2022
"HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the... Low Unreviewed
CVE-2020-14263 was published May 24, 2022
All versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric PLCs and XG5000 PLC programming... Moderate Unreviewed
CVE-2022-2758 was published Sep 1, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database