Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,057
Maven
5,000+
npm
3,742
NuGet
668
pip
3,423
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

187 advisories

Loading
IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic... High Unreviewed
CVE-2021-38891 was published May 24, 2022
IBM API Connect 5.0.0.0 through 5.0.8.6 uses weaker than expected cryptographic algorithms that... High Unreviewed
CVE-2019-4256 was published May 24, 2022
Play Framework Inadequate Encryption Strength vulnerability High
CVE-2019-17598 was published for com.typesafe.play:play-ws_2.12 (Maven) May 24, 2022
Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform ... High Unreviewed
CVE-2019-13539 was published May 24, 2022
IBM Curam Social Program Management 7.0.9 and 7.0.10 uses MD5 algorithm for hashing token in a... High Unreviewed
CVE-2020-4778 was published May 24, 2022
Reversible One-Way Hash in io.github.javaezlib:JavaEZ High
CVE-2022-29249 was published for io.github.javaezlib:JavaEZ (Maven) May 25, 2022
AES OCB fails to encrypt some bytes High
CVE-2022-2097 was published for openssl-src (Rust) Jul 6, 2022
another-rex
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than... High Unreviewed
CVE-2022-22464 was published Jul 9, 2022
IBM Security Verify Identity Manager 10.0 uses weaker than expected cryptographic algorithms that... High Unreviewed
CVE-2022-22453 was published Jul 15, 2022
LibreOffice supports the storage of passwords for web connections in the user’s configuration... High Unreviewed
CVE-2022-26306 was published Jul 26, 2022
LibreOffice supports the storage of passwords for web connections in the user’s configuration... High Unreviewed
CVE-2022-26307 was published Jul 26, 2022
On specific devices, there is a possible bypass of configuration integrity due to improperly used... High Unreviewed
CVE-2022-20374 was published Aug 12, 2022
Apache OpenOffice supports the storage of passwords for web connections in the user's... High Unreviewed
CVE-2022-37400 was published Aug 16, 2022
Apache OpenOffice supports the storage of passwords for web connections in the user's... High Unreviewed
CVE-2022-37401 was published Aug 16, 2022
Inadequate encryption strength for some Intel(R) PROSet/Wireless WiFi products may allow an... High Unreviewed
CVE-2022-21139 was published Aug 19, 2022
The Simple Single Sign On WordPress plugin through 4.1.0 leaks its OAuth client_secret, which... High Unreviewed
CVE-2022-2083 was published Sep 6, 2022
Blink1Control2 uses weak password encryption High
CVE-2022-35513 was published for Blink1Control2 (npm) Sep 8, 2022
A vulnerability in Trend Micro Apex One and Apex One as a Service could allow an attacker to... High Unreviewed
CVE-2022-40141 was published Sep 20, 2022
rdiffweb does not have a rate limit on incorrect password attempts to prevent brute force attacks High
CVE-2022-3273 was published for rdiffweb (pip) Oct 6, 2022
The application was signed using a key length less than or equal to 1024 bits, making it... High Unreviewed
CVE-2020-4099 was published Nov 1, 2022
Whole-script approval in Jenkins Script Security Plugin vulnerable to SHA-1 collisions High
CVE-2022-45379 was published for org.jenkins-ci.plugins:script-security (Maven) Nov 16, 2022
NotMyFault
In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is... High Unreviewed
CVE-2022-38659 was published Dec 19, 2022
An unauthorized user with network access and the decryption key could decrypt sensitive data,... High Unreviewed
CVE-2022-38469 was published Jan 18, 2023
Improper cryptographic implementation in Samsung Flow for Android prior to version 4.9.04 allows... High Unreviewed
CVE-2023-21443 was published Feb 9, 2023
Improper cryptographic implementation in Samsung Flow for PC 4.9.14.0 allows adjacent attackers... High Unreviewed
CVE-2023-21444 was published Feb 9, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database