Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

78 advisories

Loading
GraphQL queries can expose password hashes Critical
GHSA-3p7g-wrgg-wq45 was published for ibexa/graphql (Composer) Nov 10, 2022
tranca
net-ldap has weak salt when generating passwords Moderate
CVE-2014-0083 was published for net-ldap (RubyGems) May 24, 2022
BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes. Moderate Unreviewed
CVE-2022-23348 was published Mar 22, 2022
Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions... High Unreviewed
CVE-2022-25156 was published Apr 3, 2022
Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric... Critical Unreviewed
CVE-2022-25157 was published Apr 3, 2022
Weak password hash in LiveHelperChat High
CVE-2022-1235 was published for remdex/livehelperchat (Composer) Apr 6, 2022
A use of a one-way hash with a predictable salt vulnerability [CWE-760] in FortiWAN before 4.5.9... High Unreviewed
CVE-2021-26113 was published Apr 7, 2022
The affected Bachmann Electronic M-Base Controllers of version MSYS v1.06.14 and later use weak... High Unreviewed
CVE-2020-16231 was published May 20, 2022
The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, Part No. 3060/00 versions 6... High Unreviewed
CVE-2021-32997 was published May 26, 2022
SFTPGo vulnerable to recovery codes abuse High
CVE-2022-36071 was published for github.com/drakkan/sftpgo/v2 (Go) Sep 16, 2022
An access control issue in ICT Protege GX/WX 2.08 allows attackers to leak SHA1 password hashes... Moderate Unreviewed
CVE-2022-29731 was published Jun 3, 2022
The user and password data base is exposed by an unprotected web server resource. Passwords are... High Unreviewed
CVE-2021-23855 was published May 24, 2022
MFScripts YetiShare v3.5.2 through v4.5.4 might allow an attacker to reset a password by using a... Moderate Unreviewed
CVE-2019-20062 was published May 24, 2022
Reversible one-way hash in Intel(R) CSME versions before 11.8.76, 11.12.77 and 11.22.77 may allow... Moderate Unreviewed
CVE-2020-0533 was published May 24, 2022
In EZCast Pro II, the administrator password md5 hash is provided upon a web request. This hash... Moderate Unreviewed
CVE-2019-12305 was published May 24, 2022
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 stores administrative... Moderate Unreviewed
CVE-2020-27693 was published May 24, 2022
Use of Password Hash With Insufficient Computational Effort in the database of Bosch FSM-2500... Moderate Unreviewed
CVE-2020-6780 was published May 24, 2022
In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an... Critical Unreviewed
CVE-2020-14516 was published May 24, 2022
Fluxbb 1.5.11 is affected by a denial of service (DoS) vulnerability by sending an extremely long... High Unreviewed
CVE-2020-28873 was published May 24, 2022
An issue was discovered on Enphase Envoy R3.x and D4.x devices. There is a custom PAM module for... High Unreviewed
CVE-2020-25754 was published May 24, 2022
Use of password hash with insufficient computational effort vulnerability in QSAN Storage Manager... Critical Unreviewed
CVE-2021-32519 was published May 24, 2022
A CWE-759: Use of a One-Way Hash without a Salt vulnerability exists in EVlink City (EVC1S22P4 /... High Unreviewed
CVE-2021-22774 was published May 24, 2022
A use of one-way hash with a predictable salt vulnerability in the password storing mechanism of... High Unreviewed
CVE-2021-32596 was published May 24, 2022
Flask-AppBuilder before v4.1.3 allows inference of sensitive information through query strings Low
CVE-2022-31177 was published for Flask-AppBuilder (pip) Jul 29, 2022
Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords... Moderate Unreviewed
CVE-2021-33003 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API