GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
187 advisories
In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode
High | CVE-2016-1000352 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker...
High | Unreviewed | CVE-2021-37188 was published Dec 11, 2021
Assuming a database breach, nonce reuse issues in GitLab 11.6+ allows an attacker to decrypt some...
High | Unreviewed | CVE-2021-22170 was published Dec 7, 2021
An attacker could decipher the encryption and gain access to MDT AutoSave versions prior to v6.02...
High | Unreviewed | CVE-2021-32945 was published Apr 3, 2022
An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker who...
High | Unreviewed | CVE-2021-45104 was published Apr 7, 2022
Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient protections for the UART...
High | Unreviewed | CVE-2021-20161 was published Dec 31, 2021
IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expected cryptographic...
High | Unreviewed | CVE-2021-29694 was published May 24, 2022
Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks.
High | Unreviewed | CVE-2021-28213 was published May 24, 2022
IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow...
High | Unreviewed | CVE-2020-4965 was published May 24, 2022
IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 uses an insecure SSH server configuration which...
High | Unreviewed | CVE-2021-29794 was published May 24, 2022
An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may...
High | Unreviewed | CVE-2021-31796 was published May 24, 2022
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the application's build number...
High | Unreviewed | CVE-2021-41829 was published May 24, 2022
IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA uses weaker than expected...
High | Unreviewed | CVE-2021-20337 was published May 24, 2022
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash...
High | Unreviewed | CVE-2021-38979 was published May 24, 2022
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer....
High | Unreviewed | CVE-2021-27457 was published May 24, 2022
Inadequate encryption strength for some Intel(R) PROSet/Wireless WiFi products may allow an...
High | Unreviewed | CVE-2022-21139 was published Aug 19, 2022
IBM Tivoli Endpoint Manager uses weaker than expected cryptographic algorithms that could allow...
High | Unreviewed | CVE-2017-1224 was published May 17, 2022
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than...
High | Unreviewed | CVE-2022-22464 was published Jul 9, 2022
IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure...
High | Unreviewed | CVE-2017-1319 was published May 17, 2022
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue...
High | Unreviewed | CVE-2017-2380 was published May 17, 2022
The Mxit protocol uses weak encryption when encrypting user passwords, which might allow...
High | Unreviewed | CVE-2016-2379 was published May 17, 2022
Due to a lack of standard encryption when transmitting sensitive information over the internet to...
High | Unreviewed | CVE-2017-5239 was published May 17, 2022
IBM Security Verify Identity Manager 10.0 uses weaker than expected cryptographic algorithms that...
High | Unreviewed | CVE-2022-22453 was published Jul 15, 2022
An issue was discovered in sysPass 2.x before 2.1, in which an algorithm was never sufficiently...
High | Unreviewed | CVE-2017-5999 was published May 17, 2022
OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex digits for a PSK.
High | Unreviewed | CVE-2016-5056 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API.