Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,347
Erlang
31
GitHub Actions
22
Go
2,117
Maven
5,000+
npm
3,768
NuGet
680
pip
3,457
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

194 advisories

Loading
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a Violation of Secure... Moderate Unreviewed
CVE-2022-30683 was published Sep 17, 2022
WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An... Moderate Unreviewed
CVE-2022-29835 was published Sep 20, 2022
Hills ComNav version 3002-19 suffers from a weak communication channel. Traffic across the local... Moderate Unreviewed
CVE-2022-1318 was published Apr 21, 2022
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C... Moderate Unreviewed
CVE-2022-21800 was published Feb 19, 2022
Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A... Moderate Unreviewed
CVE-2022-34445 was published Feb 11, 2023
The Passster WordPress plugin before 3.5.5.5.2 stores the password inside a cookie named ... Moderate Unreviewed
CVE-2022-3206 was published Oct 17, 2022
Use of a Broken or Risky Cryptographic Algorithm in XWiki Crypto API Moderate
CVE-2022-29161 was published for org.xwiki.platform:xwiki-platform-crypto (Maven) May 24, 2022
The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse... Moderate Unreviewed
CVE-2022-3433 was published Oct 11, 2022
The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up... Moderate Unreviewed
CVE-2022-4036 was published Nov 29, 2022
An information disclosure vulnerability exists in the router configuration export functionality... Moderate Unreviewed
CVE-2022-26020 was published May 13, 2022
AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field Moderate
CVE-2022-2582 was published for github.com/aws/aws-sdk-go (Go) Dec 28, 2022
knqyf263
ABB eSOMS versions 4.0 to 6.0.3 accept connections using medium strength ciphers. If a connection... Moderate Unreviewed
CVE-2019-19097 was published May 24, 2022
IBM Security Verify Information Queue 1.0.6 and 1.0.7 uses weaker than expected cryptographic... Moderate Unreviewed
CVE-2021-20406 was published May 24, 2022
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE... Moderate Unreviewed
CVE-2023-29054 was published Apr 11, 2023
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired... Moderate Unreviewed
CVE-2020-24587 was published May 24, 2022
Experience Manager versions 6.5.15.0 (and earlier) are affected by a Weak Cryptography for... Moderate Unreviewed
CVE-2023-22271 was published Mar 22, 2023
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.0 uses... Moderate Unreviewed
CVE-2019-4102 was published May 24, 2022
SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version... Moderate Unreviewed
CVE-2022-34385 was published Feb 11, 2023
Inadequate Encryption Strength in Apache CXF Moderate
CVE-2012-5575 was published for org.apache.cxf:cxf-rt-transports-http (Maven) May 13, 2022
Argus Surveillance DVR v4.0 employs weak password encryption. Moderate Unreviewed
CVE-2022-25012 was published Mar 3, 2022
IBM Maximo Anywhere 7.6.4.0 could allow an attacker to reverse engineer the application due to... Moderate Unreviewed
CVE-2019-4291 was published Feb 17, 2022
Hash collision in typelevel jawn Moderate
CVE-2022-21653 was published for org.typelevel:jawn-parser (Maven) Jan 6, 2022
nrktkt
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic... Moderate Unreviewed
CVE-2017-1664 was published May 14, 2022
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses weaker than expected cryptographic... Moderate Unreviewed
CVE-2018-1425 was published May 14, 2022
IBM BigFix Remote Control before Interim Fix pack 9.1.2-TIV-IBRC912-IF0001 makes it easier for... Moderate Unreviewed
CVE-2015-4953 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database