GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
13 advisories
Filter by severity
Discovery uses the same AES/GCM Nonce throughout the session
Low
GHSA-w3hj-wr2q-x83g
was published
for
tech.pegasys.discovery:discovery
(Maven)
Apr 6, 2021
A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2...
Moderate
Unreviewed
CVE-2020-1759
was published
May 24, 2022
Inbound TCP Agent Protocol/3 authentication bypass in Jenkins
High
CVE-2020-2099
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Consensys Discovery versions less than 0.4.5 uses the same AES/GCM nonce for the entire session....
Moderate
Unreviewed
CVE-2024-23688
was published
Jan 20, 2024
Metasys? ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a shared RSA key pair...
Critical
Unreviewed
CVE-2019-7593
was published
May 24, 2022
Adversary-induced keystream re-use on TETRA air-interface encrypted traffic using any TEA...
High
Unreviewed
CVE-2022-24401
was published
Oct 19, 2023
Reusing a nonce, key pair in encryption issue exists in "FreeFrom - the nostr client" App...
Moderate
Unreviewed
CVE-2024-36289
was published
Jun 17, 2024
Withdrawn: SFTPGo's JWT implmentation lacks certain security measures
Moderate
CVE-2024-40430
was published
for
github.com/drakkan/sftpgo/v2
(Go)
Jul 22, 2024
•
withdrawn
PheonixAppAPI has visible Encoding Maps
Moderate
CVE-2024-41951
was published
for
PheonixAppAPI
(pip)
Jul 31, 2024
There is a difficult to exploit improper authentication issue in the Home application for Esri...
High
Unreviewed
CVE-2024-25699
was published
Apr 4, 2024
The AES key utilized in the pairing process between a lock using Sciener firmware and a wireless...
Moderate
Unreviewed
CVE-2023-7003
was published
Mar 15, 2024
HashiCorp Vault Improper Input Validation vulnerability
Moderate
CVE-2023-4680
was published
for
github.com/hashicorp/vault
(Go)
Sep 15, 2023
cocoon Reuses a Nonce, Key Pair in Encryption
Moderate
CVE-2024-21530
was published
for
cocoon
(Rust)
Oct 2, 2024
ProTip!
Advisories are also available from the
GraphQL API