GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
83 advisories
Filter by severity
An issue was discovered in AdaCore ada_web_services 20.0 allows an attacker to escalate...
High
Unreviewed
CVE-2024-41708
was published
Sep 25, 2024
Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in...
High
Unreviewed
CVE-2024-21460
was published
Jul 1, 2024
iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th...
High
Unreviewed
CVE-2024-25943
was published
Jun 29, 2024
A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All...
High
Unreviewed
CVE-2024-35292
was published
Jun 11, 2024
ZendFramework Potential Information Disclosure and Insufficient Entropy vulnerabilities
High
GHSA-xg9w-r469-m455
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all...
High
Unreviewed
CVE-2024-0761
was published
Feb 6, 2024
PyPinkSign uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption
High
CVE-2023-48056
was published
for
pypinksign
(pip)
Nov 16, 2023
An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers ...
High
Unreviewed
CVE-2020-27213
was published
Oct 10, 2023
Magento LTS's guest order "protect code" can be brute-forced too easily
High
CVE-2023-41879
was published
for
openmage/magento-lts
(Composer)
Sep 11, 2023
An authentication bypass vulnerability exists in the OAS Engine authentication functionality of...
High
Unreviewed
CVE-2023-34353
was published
Sep 5, 2023
Functions with insufficient randomness were used to generate authorization tokens of the...
High
Unreviewed
CVE-2023-26451
was published
Aug 2, 2023
A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000...
High
Unreviewed
CVE-2023-20185
was published
Jul 12, 2023
Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of...
High
Unreviewed
CVE-2023-1385
was published
Jul 6, 2023
Use of insufficiently random values vulnerability in User Management Functionality in Synology...
High
Unreviewed
CVE-2023-2729
was published
Jun 13, 2023
Atlas Copco Power Focus 6000 web server uses a small amount of session ID numbers. An attacker...
High
Unreviewed
CVE-2023-1898
was published
Jun 12, 2023
Duplicate Advisory: Lemur subject to insecure random generation
High
GHSA-r4xg-4wrv-w72h
was published
for
lemur
(pip)
Apr 19, 2023
•
withdrawn
The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers...
High
Unreviewed
CVE-2023-26855
was published
Apr 4, 2023
Akuvox E11 contains a function that encrypts messages which are then forwarded. The IV vector and...
High
Unreviewed
CVE-2023-0343
was published
Mar 31, 2023
This vulnerability allows network-adjacent attackers to bypass authentication on affected...
High
Unreviewed
CVE-2022-43636
was published
Mar 29, 2023
Lemur subject to insecure random generation
High
CVE-2023-30797
was published
for
lemur
(pip)
Mar 1, 2023
Rancher cattle-token is predictable
High
CVE-2022-43755
was published
for
github.com/rancher/rancher
(Go)
Jan 25, 2023
Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017...
High
Unreviewed
CVE-2017-5242
was published
Jan 13, 2023
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version...
High
Unreviewed
CVE-2023-22601
was published
Jan 13, 2023
A vulnerability has been found in Morgawr Muon 0.1.1 and classified as problematic. Affected by...
High
Unreviewed
CVE-2019-25089
was published
Dec 27, 2022
Fastly Compute@Edge JS Runtime has fixed random number seed during compilation
High
CVE-2022-39218
was published
for
@fastly/js-compute
(npm)
Sep 20, 2022
ProTip!
Advisories are also available from the
GraphQL API