GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,231
Erlang
31
GitHub Actions
20
Go
1,991
Maven
5,000+
npm
3,709
NuGet
661
pip
3,341
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
14 advisories
Filter by severity
Unauthenticated Remote Code Execution in Apache JMeter
Critical
CVE-2019-0187
was published
for
org.apache.jmeter:ApacheJMeter
(Maven)
Mar 7, 2019
Insecure Cryptography Algorithm in parsel
Critical
GHSA-wqgx-4q47-j2w5
was published
for
parsel
(npm)
Sep 4, 2020
Algorithms compute incorrect results in blake2
Critical
CVE-2019-16143
was published
for
blake2
(Rust)
Aug 25, 2021
Nablarch Incomplete Cryptography
Critical
CVE-2019-5919
was published
for
com.nablarch.framework:nablarch-fw-web
(Maven)
May 13, 2022
Use of a Broken or Risky Cryptographic Algorithm in Apache Hadoop
Critical
CVE-2012-4449
was published
for
org.apache.hadoop:hadoop-client
(Maven)
May 17, 2022
Collision of hash values in github.com/bnb-chain/tss-lib
Critical
CVE-2022-47931
was published
for
github.com/bnb-chain/tss-lib
(Go)
Dec 23, 2022
Silver vulnerable to MitM attack against implants due to a cryptography vulnerability
Critical
CVE-2023-34758
was published
for
github.com/bishopfox/sliver
(Go)
Jun 21, 2023
crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
Critical
CVE-2023-46133
was published
for
crypto-es
(npm)
Oct 25, 2023
crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
Critical
CVE-2023-46233
was published
for
crypto-js
(npm)
Oct 25, 2023
bsock uses weak hashing algorithms
Critical
CVE-2023-50475
was published
for
bsock
(npm)
Dec 21, 2023
DeviceFarmer stf uses DES-ECB
Critical
CVE-2023-51839
was published
for
@devicefarmer/stf
(npm)
Jan 29, 2024
python-jose algorithm confusion with OpenSSH ECDSA keys
Critical
CVE-2024-33663
was published
for
python-jose
(pip)
Apr 26, 2024
ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache
Critical
CVE-2024-31989
was published
for
github.com/argoproj/argo-cd
(Go)
May 21, 2024
ProTip!
Advisories are also available from the
GraphQL API