GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
15 advisories
crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
  Critical | CVE-2023-46233 was published for crypto-js (npm) | Oct 25, 2023
crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
  Critical | CVE-2023-46133 was published for crypto-es (npm) | Oct 25, 2023
PiiGAB M-Bus stores passwords using a weak hash algorithm.
  Critical | Unreviewed | CVE-2023-34433 was published | Jul 7, 2023
In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), the...
  Critical | Unreviewed | CVE-2020-12069 was published | Dec 26, 2022
GraphQL queries can expose password hashes
  Critical | GHSA-3p7g-wrgg-wq45 was published for ibexa/graphql (Composer) | Nov 10, 2022
In Digi RealPort through 4.8.488.0, authentication relies on a challenge-response mechanism that...
  Critical | Unreviewed | CVE-2021-36767 was published | May 24, 2022
Use of password hash with insufficient computational effort vulnerability in QSAN Storage Manager...
  Critical | Unreviewed | CVE-2021-32519 was published | May 24, 2022
In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an...
  Critical | Unreviewed | CVE-2020-14516 was published | May 24, 2022
class.userpeer.php in MFScripts YetiShare 3.5.2 through 4.5.3 uses an insecure method of creating...
  Critical | Unreviewed | CVE-2019-19735 was published | May 24, 2022
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05...
  Critical | Unreviewed | CVE-2019-17216 was published | May 24, 2022
An issue was discovered in BTITeam XBTIT 2.5.4. The hashed passwords stored in the xbtit_users...
  Critical | Unreviewed | CVE-2018-15680 was published | May 13, 2022
Password recovery exploitation vulnerability in the non-certificate-based authentication...
  Critical | Unreviewed | CVE-2017-3962 was published | May 13, 2022
Davolink DVW-3200N all version prior to Version 1.00.06. The device generates a weak password...
  Critical | Unreviewed | CVE-2018-10618 was published | May 13, 2022
Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker...
  Critical | Unreviewed | CVE-2019-6563 was published | May 13, 2022
Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric...
  Critical | Unreviewed | CVE-2022-25157 was published | Apr 3, 2022