GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
41 advisories
Filter by severity
There is a possible escalation of privilege due to improperly used crypto. This could lead to...
Critical
Unreviewed
CVE-2024-32911
was published
Jun 13, 2024
Use of a Broken or Risky Cryptographic Algorithm vulnerability in B&R Industrial Automation...
Critical
Unreviewed
CVE-2024-0323
was published
Feb 5, 2024
ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache
Critical
CVE-2024-31989
was published
for
github.com/argoproj/argo-cd
(Go)
May 21, 2024
Collision of hash values in github.com/bnb-chain/tss-lib
Critical
CVE-2022-47931
was published
for
github.com/bnb-chain/tss-lib
(Go)
Dec 23, 2022
SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to...
Critical
Unreviewed
CVE-2023-34130
was published
Jul 13, 2023
** DISPUTED ** An issue was discovered in SMA Solar Technology products. The inverters make use...
Critical
Unreviewed
CVE-2017-9859
was published
May 13, 2022
The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three...
Critical
Unreviewed
CVE-2022-30273
was published
Jul 27, 2022
DeviceFarmer stf uses DES-ECB
Critical
CVE-2023-51839
was published
for
@devicefarmer/stf
(npm)
Jan 29, 2024
crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
Critical
CVE-2023-46233
was published
for
crypto-js
(npm)
Oct 25, 2023
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of...
Critical
Unreviewed
CVE-2023-34039
was published
Aug 29, 2023
bsock uses weak hashing algorithms
Critical
CVE-2023-50475
was published
for
bsock
(npm)
Dec 21, 2023
crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
Critical
CVE-2023-46133
was published
for
crypto-es
(npm)
Oct 25, 2023
Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by...
Critical
Unreviewed
CVE-2022-45141
was published
Mar 7, 2023
An issue was discovered in the Oauth extension for MediaWiki through 1.35.2....
Critical
Unreviewed
CVE-2021-31556
was published
May 24, 2022
A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via VerificationController.php.
Critical
Unreviewed
CVE-2021-42216
was published
Dec 16, 2021
Nablarch Incomplete Cryptography
Critical
CVE-2019-5919
was published
for
com.nablarch.framework:nablarch-fw-web
(Maven)
May 13, 2022
Algorithms compute incorrect results in blake2
Critical
CVE-2019-16143
was published
for
blake2
(Rust)
Aug 25, 2021
In all Qualcomm products with Android releases from CAF using the Linux kernel, the GPS client...
Critical
Unreviewed
CVE-2014-9969
was published
May 17, 2022
The SSL/TLS configuration of Fresenius Kabi Agilia Link + version 3.0 has serious deficiencies...
Critical
Unreviewed
CVE-2021-31562
was published
Jan 22, 2022
Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded...
Critical
Unreviewed
CVE-2017-17717
was published
May 14, 2022
An issue was discovered in Valve Steam Link build 643. Root passwords longer than 8 characters...
Critical
Unreviewed
CVE-2017-17878
was published
May 14, 2022
ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which...
Critical
Unreviewed
CVE-2016-6602
was published
May 14, 2022
VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server...
Critical
Unreviewed
CVE-2017-4917
was published
May 13, 2022
Amazon Ring Doorbell before 3.4.7 mishandles encryption, which allows attackers to obtain audio...
Critical
Unreviewed
CVE-2019-9483
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API