GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
432 advisories
Filter by severity
Argus Surveillance DVR v4.0 employs weak password encryption.
Moderate
Unreviewed
CVE-2022-25012
was published
Mar 3, 2022
Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4...
High
Unreviewed
CVE-2020-10636
was published
Feb 25, 2022
The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may...
High
Unreviewed
CVE-2020-14481
was published
Feb 25, 2022
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C...
Moderate
Unreviewed
CVE-2022-21800
was published
Feb 19, 2022
A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517,...
High
Unreviewed
CVE-2021-26726
was published
Feb 17, 2022
IBM Maximo Anywhere 7.6.4.0 could allow an attacker to reverse engineer the application due to...
Moderate
Unreviewed
CVE-2019-4291
was published
Feb 17, 2022
Inadequate Encryption Strength and Algorithm Downgrade in Wildfly
Moderate
Unreviewed
CVE-2019-14887
was published
Feb 15, 2022
A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted...
High
Unreviewed
CVE-2022-24318
was published
Feb 11, 2022
The fingerprint module has a security risk of brute force cracking. Successful exploitation of...
Moderate
Unreviewed
CVE-2021-40006
was published
Jan 11, 2022
Use of Hard-coded Credentials in Apache Kylin
High
CVE-2021-45458
was published
for
org.apache.kylin:kylin
(Maven)
Jan 8, 2022
Hash collision in typelevel jawn
Moderate
CVE-2022-21653
was published
for
org.typelevel:jawn-parser
(Maven)
Jan 6, 2022
Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient protections for the UART...
High
Unreviewed
CVE-2021-20161
was published
Dec 31, 2021
The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user...
High
Unreviewed
CVE-2021-24998
was published
Dec 28, 2021
Certain NETGEAR devices are affected by weak cryptography. This affects D7000v2 before 1.0.0.62,...
Critical
Unreviewed
CVE-2021-45512
was published
Dec 27, 2021
In NetBSD through 9.2, the IPv6 fragment ID generation algorithm employs a weak cryptographic PRNG.
High
Unreviewed
CVE-2021-45484
was published
Dec 26, 2021
Dell Wyse Management Suite version 3.3.1 and prior support insecure Transport Security Protocols...
High
Unreviewed
CVE-2021-36337
was published
Dec 22, 2021
IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic...
High
Unreviewed
CVE-2021-38947
was published
Dec 14, 2021
An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker...
High
Unreviewed
CVE-2021-37188
was published
Dec 11, 2021
Assuming a database breach, nonce reuse issues in GitLab 11.6+ allows an attacker to decrypt some...
High
Unreviewed
CVE-2021-22170
was published
Dec 7, 2021
IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow...
High
Unreviewed
CVE-2021-20400
was published
Dec 2, 2021
Inadequate Encryption Strength in python-keystoneclient
Critical
CVE-2013-2166
was published
for
python-keystoneclient
(pip)
Oct 12, 2021
Inadequate Encryption Strength in showdoc
Moderate
CVE-2021-3680
was published
for
showdoc/showdoc
(Composer)
Sep 1, 2021
Elliptic Curve Key Disclosure in go-jose
Critical
CVE-2016-9121
was published
for
github.com/square/go-jose
(Go)
Jun 23, 2021
Inadequate Encryption Strength
Critical
CVE-2017-1000486
was published
for
org.primefaces:primefaces
(Maven)
Jun 3, 2021
ProTip!
Advisories are also available from the
GraphQL API