Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

78 advisories

Loading
Improper rate limiting in Koel High
CVE-2021-33563 was published for phanan/koel (Composer) Jun 1, 2021
Improper privilege management in Keycloak High
CVE-2020-14389 was published for org.keycloak:keycloak-core (Maven) Nov 10, 2021
Improper hashing in enrocrypt High
CVE-2021-39182 was published for enrocrypt (pip) Nov 10, 2021
mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, which may allow an attacker... High Unreviewed
CVE-2021-43989 was published Dec 24, 2021
Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software where the password... Moderate Unreviewed
CVE-2022-0022 was published Mar 10, 2022
BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes. Moderate Unreviewed
CVE-2022-23348 was published Mar 22, 2022
Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric... Critical Unreviewed
CVE-2022-25157 was published Apr 3, 2022
Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions... High Unreviewed
CVE-2022-25156 was published Apr 3, 2022
Weak password hash in LiveHelperChat High
CVE-2022-1235 was published for remdex/livehelperchat (Composer) Apr 6, 2022
A use of a one-way hash with a predictable salt vulnerability [CWE-760] in FortiWAN before 4.5.9... High Unreviewed
CVE-2021-26113 was published Apr 7, 2022
Knox Arkeia server 4.2, and possibly other versions, uses a constant salt when encrypting... High Unreviewed
CVE-2001-0967 was published Apr 30, 2022
PostgreSQL uses the username for a salt when generating passwords, which makes it easier for... Moderate Unreviewed
CVE-2002-1657 was published Apr 30, 2022
CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of the user name for the... High Unreviewed
CVE-2005-0408 was published May 1, 2022
BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local... Low Unreviewed
CVE-2006-1058 was published May 1, 2022
ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40... Moderate Unreviewed
CVE-2008-1526 was published May 1, 2022
Use of Password Hash With Insufficient Computational Effort in Apache Derby Moderate
CVE-2009-4269 was published for org.apache.derby:derby (Maven) May 2, 2022
A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 ... Moderate Unreviewed
CVE-2022-24041 was published May 11, 2022
Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing... High Unreviewed
CVE-2019-0030 was published May 13, 2022
Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with... High Unreviewed
CVE-2019-3907 was published May 13, 2022
global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations... High Unreviewed
CVE-2019-7649 was published May 13, 2022
Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker... Critical Unreviewed
CVE-2019-6563 was published May 13, 2022
Davolink DVW-3200N all version prior to Version 1.00.06. The device generates a weak password... Critical Unreviewed
CVE-2018-10618 was published May 13, 2022
Password recovery exploitation vulnerability in the non-certificate-based authentication... Critical Unreviewed
CVE-2017-3962 was published May 13, 2022
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for... Moderate Unreviewed
CVE-2017-11131 was published May 13, 2022
The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and... High Unreviewed
CVE-2018-1447 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API