GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
187 advisories
Filter by severity
OpenSSL gem for Ruby using inadequate encryption strength
High
CVE-2016-7798
was published
for
openssl
(RubyGems)
Oct 24, 2017
Pycrypto generates weak key parameters
High
CVE-2018-6594
was published
for
pycrypto
(pip)
Jul 12, 2018
In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode
High
CVE-2016-1000352
was published
for
org.bouncycastle:bcprov-jdk14
(Maven)
Oct 17, 2018
Inadequate Encryption Strength in DotNetNuke
High
CVE-2018-18325
was published
for
DotNetNuke.Core
(NuGet)
Jul 5, 2019
Inadequate Encryption Strength in DotNetNuke
High
CVE-2018-15811
was published
for
DotNetNuke.Core
(NuGet)
Jul 5, 2019
IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow...
High
Unreviewed
CVE-2021-20400
was published
Dec 2, 2021
Assuming a database breach, nonce reuse issues in GitLab 11.6+ allows an attacker to decrypt some...
High
Unreviewed
CVE-2021-22170
was published
Dec 7, 2021
An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker...
High
Unreviewed
CVE-2021-37188
was published
Dec 11, 2021
IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic...
High
Unreviewed
CVE-2021-38947
was published
Dec 14, 2021
Dell Wyse Management Suite version 3.3.1 and prior support insecure Transport Security Protocols...
High
Unreviewed
CVE-2021-36337
was published
Dec 22, 2021
In NetBSD through 9.2, the IPv6 fragment ID generation algorithm employs a weak cryptographic PRNG.
High
Unreviewed
CVE-2021-45484
was published
Dec 26, 2021
The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user...
High
Unreviewed
CVE-2021-24998
was published
Dec 28, 2021
Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient protections for the UART...
High
Unreviewed
CVE-2021-20161
was published
Dec 31, 2021
Use of Hard-coded Credentials in Apache Kylin
High
CVE-2021-45458
was published
for
org.apache.kylin:kylin
(Maven)
Jan 8, 2022
A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted...
High
Unreviewed
CVE-2022-24318
was published
Feb 11, 2022
A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517,...
High
Unreviewed
CVE-2021-26726
was published
Feb 17, 2022
The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may...
High
Unreviewed
CVE-2020-14481
was published
Feb 25, 2022
Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4...
High
Unreviewed
CVE-2020-10636
was published
Feb 25, 2022
An attacker could decipher the encryption and gain access to MDT AutoSave versions prior to v6.02...
High
Unreviewed
CVE-2021-32945
was published
Apr 3, 2022
An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker who...
High
Unreviewed
CVE-2021-45104
was published
Apr 7, 2022
The Download Manager WordPress plugin before 3.2.39 uses the uniqid php function to generate the...
High
Unreviewed
CVE-2022-0828
was published
Apr 12, 2022
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository gnuboard...
High
Unreviewed
CVE-2022-1252
was published
Apr 12, 2022
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco...
High
Unreviewed
CVE-2022-20677
was published
Apr 16, 2022
ProTip!
Advisories are also available from the
GraphQL API