GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
47 advisories
Filter by severity
OpenSSL gem for Ruby using inadequate encryption strength
High
CVE-2016-7798
was published
for
openssl
(RubyGems)
Oct 24, 2017
Pycrypto generates weak key parameters
High
CVE-2018-6594
was published
for
pycrypto
(pip)
Jul 12, 2018
In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode
High
CVE-2016-1000352
was published
for
org.bouncycastle:bcprov-jdk14
(Maven)
Oct 17, 2018
Inadequate Encryption Strength in DotNetNuke
High
CVE-2018-18325
was published
for
DotNetNuke.Core
(NuGet)
Jul 5, 2019
Inadequate Encryption Strength in DotNetNuke
High
CVE-2018-15811
was published
for
DotNetNuke.Core
(NuGet)
Jul 5, 2019
CLI does not correctly implement strict mode
Low
GHSA-2xwp-m7mq-7q3r
was published
for
aws-encryption-sdk-cli
(pip)
Oct 28, 2020
Inadequate Encryption Strength
Critical
CVE-2017-1000486
was published
for
org.primefaces:primefaces
(Maven)
Jun 3, 2021
Elliptic Curve Key Disclosure in go-jose
Critical
CVE-2016-9121
was published
for
github.com/square/go-jose
(Go)
Jun 23, 2021
Inadequate Encryption Strength in showdoc
Moderate
CVE-2021-3680
was published
for
showdoc/showdoc
(Composer)
Sep 1, 2021
Inadequate Encryption Strength in python-keystoneclient
Critical
CVE-2013-2166
was published
for
python-keystoneclient
(pip)
Oct 12, 2021
Hash collision in typelevel jawn
Moderate
CVE-2022-21653
was published
for
org.typelevel:jawn-parser
(Maven)
Jan 6, 2022
Use of Hard-coded Credentials in Apache Kylin
High
CVE-2021-45458
was published
for
org.apache.kylin:kylin
(Maven)
Jan 8, 2022
Discoverability of user password hash in Statamic CMS
Low
CVE-2022-24784
was published
for
statamic/cms
(Composer)
Mar 29, 2022
TYPO3 is vulnerable to insecure randomness during hash generation in forgot password function
Moderate
CVE-2010-3670
was published
for
typo3/cms-frontend
(Composer)
Apr 21, 2022
Inadequate Encryption Strength in Apache CXF
Moderate
CVE-2012-5575
was published
for
org.apache.cxf:cxf-rt-transports-http
(Maven)
May 13, 2022
Inadequate Encryption Strength in Jenkins
Moderate
CVE-2017-2598
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Apache OpenMeetings has Inadequate Encryption Strength
Critical
CVE-2017-7673
was published
for
org.apache.openmeetings:openmeetings-parent
(Maven)
May 13, 2022
Weak Cryptography in PHP-Proxy
High
CVE-2018-19784
was published
for
athlon1600/php-proxy
(Composer)
May 13, 2022
SimpleSAMLphp Incorrect IV generation for encryption
Moderate
CVE-2017-12871
was published
for
simplesamlphp/simplesamlphp
(Composer)
May 17, 2022
Dolibarr ERP and CRM Insecure Encryption
Critical
CVE-2017-7888
was published
for
dolibarr/dolibarr
(Composer)
May 17, 2022
Python Keyring does not securely initialize encryption cipher
High
CVE-2012-4571
was published
for
keyring
(pip)
May 17, 2022
Beaker Sensitive Information Disclosure vulnerability
Moderate
CVE-2012-3458
was published
for
beaker
(pip)
May 17, 2022
Use of a Broken or Risky Cryptographic Algorithm in XWiki Crypto API
Moderate
CVE-2022-29161
was published
for
org.xwiki.platform:xwiki-platform-crypto
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API