GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
78 advisories
Filter by severity
The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, Part No. 3060/00 versions 6...
High
Unreviewed
CVE-2021-32997
was published
May 26, 2022
An access control issue in ICT Protege GX/WX 2.08 allows attackers to leak SHA1 password hashes...
Moderate
Unreviewed
CVE-2022-29731
was published
Jun 3, 2022
Flask-AppBuilder before v4.1.3 allows inference of sensitive information through query strings
Low
CVE-2022-31177
was published
for
Flask-AppBuilder
(pip)
Jul 29, 2022
SFTPGo vulnerable to recovery codes abuse
High
CVE-2022-36071
was published
for
github.com/drakkan/sftpgo/v2
(Go)
Sep 16, 2022
The application was vulnerable to an authenticated information disclosure, allowing...
Moderate
Unreviewed
CVE-2022-40295
was published
Nov 1, 2022
GraphQL queries can expose password hashes
Critical
GHSA-3p7g-wrgg-wq45
was published
for
ibexa/graphql
(Composer)
Nov 10, 2022
In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), the...
Critical
Unreviewed
CVE-2020-12069
was published
Dec 26, 2022
In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can...
High
Unreviewed
CVE-2022-47732
was published
Jan 20, 2023
AMI Megarac Weak password hashes for Redfish & API
Moderate
Unreviewed
CVE-2022-40258
was published
Jan 31, 2023
A use of password hash with insufficient computational effort vulnerability [CWE-916] in...
High
Unreviewed
CVE-2022-26115
was published
Feb 16, 2023
Password Shucking Vulnerability
Moderate
CVE-2023-27580
was published
for
codeigniter4/shield
(Composer)
Mar 13, 2023
RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows...
High
Unreviewed
CVE-2023-33243
was published
Jun 15, 2023
PiiGAB M-Bus stores passwords using a weak hash algorithm.
Critical
Unreviewed
CVE-2023-34433
was published
Jul 7, 2023
The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashs. If an...
High
Unreviewed
CVE-2023-31412
was published
Aug 24, 2023
Buttercup allows attackers to obtain the hash of the master password
Moderate
CVE-2023-41646
was published
for
buttercup
(npm)
Sep 8, 2023
A vulnerability classified as problematic was found in Supcon InPlant SCADA up to 20230901....
Low
Unreviewed
CVE-2023-4986
was published
Sep 15, 2023
** UNSUPPPORTED WHEN ASSIGNED ** Vulnerability in ekorCCP and ekorRCI that could allow an...
Moderate
Unreviewed
CVE-2022-47557
was published
Sep 19, 2023
crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
Critical
CVE-2023-46133
was published
for
crypto-es
(npm)
Oct 25, 2023
crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
Critical
CVE-2023-46233
was published
for
crypto-js
(npm)
Oct 25, 2023
Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers...
High
Unreviewed
CVE-2023-5846
was published
Nov 2, 2023
The Priva TopControl Suite contains predictable credentials for the SSH service, based on the...
High
Unreviewed
CVE-2022-3010
was published
Jan 2, 2024
The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay Portal 7.2.0 through 7.4.3...
High
Unreviewed
CVE-2024-25607
was published
Feb 20, 2024
A vulnerability classified as problematic was found in Musicshelf 1.0/1.1 on Android. Affected by...
Low
Unreviewed
CVE-2024-2365
was published
Mar 11, 2024
Serverpod improved security for stored password hashes
Moderate
CVE-2024-29886
was published
for
serverpod_auth_server
(Pub)
Mar 28, 2024
A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting...
Low
Unreviewed
CVE-2024-21754
was published
Jun 11, 2024
ProTip!
Advisories are also available from the
GraphQL API