GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,330
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
44 advisories
Filter by severity
In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode
High
CVE-2016-1000352
was published
for
org.bouncycastle:bcprov-jdk14
(Maven)
Oct 17, 2018
CLI does not correctly implement strict mode
Low
GHSA-2xwp-m7mq-7q3r
was published
for
aws-encryption-sdk-cli
(pip)
Oct 28, 2020
Inadequate Encryption Strength
Critical
CVE-2017-1000486
was published
for
org.primefaces:primefaces
(Maven)
Jun 3, 2021
Inadequate Encryption Strength in Jenkins
Moderate
CVE-2017-2598
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Inadequate Encryption Strength in showdoc
Moderate
CVE-2021-3680
was published
for
showdoc/showdoc
(Composer)
Sep 1, 2021
Blink1Control2 uses weak password encryption
High
CVE-2022-35513
was published
for
Blink1Control2
(npm)
Sep 8, 2022
rdiffweb does not have a rate limit on incorrect password attempts to prevent brute force attacks
High
CVE-2022-3273
was published
for
rdiffweb
(pip)
Oct 6, 2022
Inadequate Encryption Strength in DotNetNuke
High
CVE-2018-18325
was published
for
DotNetNuke.Core
(NuGet)
Jul 5, 2019
Inadequate Encryption Strength in DotNetNuke
High
CVE-2018-15811
was published
for
DotNetNuke.Core
(NuGet)
Jul 5, 2019
Apache OpenMeetings has Inadequate Encryption Strength
Critical
CVE-2017-7673
was published
for
org.apache.openmeetings:openmeetings-parent
(Maven)
May 13, 2022
Play Framework Inadequate Encryption Strength vulnerability
High
CVE-2019-17598
was published
for
com.typesafe.play:play-ws_2.12
(Maven)
May 24, 2022
Hash collision in typelevel jawn
Moderate
CVE-2022-21653
was published
for
org.typelevel:jawn-parser
(Maven)
Jan 6, 2022
Inadequate Encryption Strength in Apache CXF
Moderate
CVE-2012-5575
was published
for
org.apache.cxf:cxf-rt-transports-http
(Maven)
May 13, 2022
Elliptic Curve Key Disclosure in go-jose
Critical
CVE-2016-9121
was published
for
github.com/square/go-jose
(Go)
Jun 23, 2021
Discoverability of user password hash in Statamic CMS
Low
CVE-2022-24784
was published
for
statamic/cms
(Composer)
Mar 29, 2022
OpenSSL gem for Ruby using inadequate encryption strength
High
CVE-2016-7798
was published
for
openssl
(RubyGems)
Oct 24, 2017
AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field
Moderate
CVE-2022-2582
was published
for
github.com/aws/aws-sdk-go
(Go)
Dec 28, 2022
Weak Cryptography in PHP-Proxy
High
CVE-2018-19784
was published
for
athlon1600/php-proxy
(Composer)
May 13, 2022
Use of Hard-coded Credentials in Apache Kylin
High
CVE-2021-45458
was published
for
org.apache.kylin:kylin
(Maven)
Jan 8, 2022
Use of a Broken or Risky Cryptographic Algorithm in XWiki Crypto API
Moderate
CVE-2022-29161
was published
for
org.xwiki.platform:xwiki-platform-crypto
(Maven)
May 24, 2022
Reversible One-Way Hash in io.github.javaezlib:JavaEZ
High
CVE-2022-29249
was published
for
io.github.javaezlib:JavaEZ
(Maven)
May 25, 2022
Dolibarr ERP and CRM Insecure Encryption
Critical
CVE-2017-7888
was published
for
dolibarr/dolibarr
(Composer)
May 17, 2022
Dgraph Audit Log Encryption Vulnerability
Moderate
CVE-2023-31135
was published
for
github.com/dgraph-io/dgraph
(Go)
May 17, 2023
esptool allows attackers to view sensitive information via weak cryptographic algorithm
High
CVE-2023-46894
was published
for
esptool
(pip)
Nov 9, 2023
ProTip!
Advisories are also available from the
GraphQL API