Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,170
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
832
Swift
35
Unreviewed advisories
All unreviewed
5,000+

204 advisories

Loading
The KRandom::random function in KDE Paste Applet after 4.10.5 in kdeplasma-addons uses the GNU C... Moderate Unreviewed
CVE-2013-2213 was published May 5, 2022
Withdrawn: JJWT improperly generates signing keys Moderate
CVE-2024-31033 was published for io.jsonwebtoken:jjwt-impl (Maven) Apr 1, 2024 withdrawn
ebickle
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for... Moderate Unreviewed
CVE-2023-50313 was published Apr 2, 2024
airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash of 0123425234234fsdfsdr3242... Moderate Unreviewed
CVE-2020-11876 was published May 24, 2022
Dell PowerScale OneFS, versions 8.2.2.x through 9.5.0.x contains a use of a broken cryptographic... Moderate Unreviewed
CVE-2024-25963 was published Mar 28, 2024
IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3... Moderate Unreviewed
CVE-2024-27255 was published Mar 3, 2024
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than... Moderate Unreviewed
CVE-2023-50312 was published Mar 1, 2024
Saia Burgess Controls (SBC) PCD through 2022-05-06 uses a Broken or Risky Cryptographic Algorithm... Moderate Unreviewed
CVE-2022-30320 was published Jul 29, 2022
Spectrum Cash Receipting System before 6.504 uses weak cryptography (static substitution) in the... Moderate Unreviewed
CVE-2005-4860 was published May 1, 2022
Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an engineering environment for... Moderate Unreviewed
CVE-2022-29960 was published Jul 27, 2022
Emerson OpenBSI through 2022-04-29 mishandles credential storage. It is an engineering... Moderate Unreviewed
CVE-2022-29959 was published Aug 17, 2022
Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash,... Moderate Unreviewed
CVE-2007-6013 was published May 1, 2022
libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the configuration specifies the MD5... Moderate Unreviewed
CVE-2008-3188 was published May 1, 2022
TeeKai Tracking Online 1.0 uses weak encryption of web usage statistics in data/userlog/log.txt,... Moderate Unreviewed
CVE-2002-2058 was published Apr 30, 2022
The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead... Moderate Unreviewed
CVE-2005-2946 was published May 1, 2022
IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that... Moderate Unreviewed
CVE-2022-34309 was published Feb 12, 2024
IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that... Moderate Unreviewed
CVE-2022-34310 was published Feb 12, 2024
IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0,... Moderate Unreviewed
CVE-2024-22361 was published Feb 10, 2024
Gessler GmbH WEB-MASTER user account is stored using a weak hashing algorithm. The attacker... Moderate Unreviewed
CVE-2024-1040 was published Feb 2, 2024
Laravel Framework XSS in Blade templating engine Moderate
CVE-2021-43808 was published for illuminate/view (Composer) Dec 8, 2021
chinpei215
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow... Moderate Unreviewed
CVE-2023-50937 was published Feb 2, 2024
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow... Moderate Unreviewed
CVE-2023-50939 was published Feb 2, 2024
Ursa CL-Signatures Revocation allows verifiers to generate unique identifiers for holders Moderate
CVE-2024-22192 was published for anoncreds-clsignatures (Rust) Jan 16, 2024
CL-Signatures Revocation Scheme in Ursa has flaws that allow a holder to demonstrate non-revocation of a revoked credential Moderate
CVE-2024-21670 was published for anoncreds-clsignatures (Rust) Jan 16, 2024
A information disclosure vulnerability exists when TLS components use weak hash algorithms, aka ... Moderate Unreviewed
CVE-2020-1596 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database