Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

164 advisories

Loading
IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a... High Unreviewed
CVE-2016-2879 was published May 17, 2022
An issue was discovered in sysPass 2.x before 2.1, in which an algorithm was never sufficiently... High Unreviewed
CVE-2017-5999 was published May 17, 2022
hitek.jar in Hitek Software's Automize uses weak encryption when encrypting SSH/SFTP and... High Unreviewed
CVE-2016-10102 was published May 17, 2022
Due to a lack of standard encryption when transmitting sensitive information over the internet to... High Unreviewed
CVE-2017-5239 was published May 17, 2022
The Mxit protocol uses weak encryption when encrypting user passwords, which might allow... High Unreviewed
CVE-2016-2379 was published May 17, 2022
OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex digits for a PSK. High Unreviewed
CVE-2016-5056 was published May 17, 2022
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue... High Unreviewed
CVE-2017-2380 was published May 17, 2022
IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure... High Unreviewed
CVE-2017-1319 was published May 17, 2022
IBM Tivoli Endpoint Manager uses weaker than expected cryptographic algorithms that could allow... High Unreviewed
CVE-2017-1224 was published May 17, 2022
IBM System Storage Storwize V7000 Unified (V7000U) 1.5 and 1.6 uses weaker than expected... High Unreviewed
CVE-2017-1375 was published May 17, 2022
WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier... High Unreviewed
CVE-2012-6707 was published May 17, 2022
Lack of Transport Encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows... High Unreviewed
CVE-2017-14797 was published May 17, 2022
Huawei USG6300 V100R001C30SPC300 and USG6600 with software of V100R001C30SPC500,V100R001C30SPC600... High Unreviewed
CVE-2017-8174 was published May 17, 2022
IBM Security Guardium 9.0, 9.1, and 9.5 supports interaction between multiple actors and allows... High Unreviewed
CVE-2017-1271 was published May 17, 2022
An issue was discovered in the software on Vaultek Gun Safe VT20i products. There is no... High Unreviewed
CVE-2017-17436 was published May 14, 2022
In the Procter & Gamble "Oral-B App" (aka com.pg.oralb.oralbapp) application 5.0.0 for Android,... High Unreviewed
CVE-2018-5298 was published May 14, 2022
IBM Team Concert (RTC) 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, and 6.0.5 stores... High Unreviewed
CVE-2017-1701 was published May 14, 2022
IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 9.0.0 through 9.0.3.1 uses weaker... High Unreviewed
CVE-2017-1473 was published May 14, 2022
IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 uses weaker than expected... High Unreviewed
CVE-2017-1255 was published May 14, 2022
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10... High Unreviewed
CVE-2016-4693 was published May 14, 2022
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The password encryption... High Unreviewed
CVE-2017-13699 was published May 14, 2022
IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow... High Unreviewed
CVE-2018-1648 was published May 14, 2022
Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining... High Unreviewed
CVE-2013-7469 was published May 14, 2022
Using remote content in encrypted messages can lead to the disclosure of plaintext. This... High Unreviewed
CVE-2018-5184 was published May 14, 2022
System Manager in Avaya Aura before 7.1.2 does not properly use SSL in conjunction with... High Unreviewed
CVE-2018-6635 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database