GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,245
Erlang
31
GitHub Actions
21
Go
2,010
Maven
5,000+
npm
3,718
NuGet
662
pip
3,391
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
43 advisories
Filter by severity
There is a possible escalation of privilege due to improperly used crypto. This could lead to...
Critical
Unreviewed
CVE-2024-32911
was published
Jun 13, 2024
ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache
Critical
CVE-2024-31989
was published
for
github.com/argoproj/argo-cd
(Go)
May 21, 2024
python-jose algorithm confusion with OpenSSH ECDSA keys
Critical
CVE-2024-33663
was published
for
python-jose
(pip)
Apr 26, 2024
Use of a Broken or Risky Cryptographic Algorithm vulnerability in B&R Industrial Automation...
Critical
Unreviewed
CVE-2024-0323
was published
Feb 5, 2024
DeviceFarmer stf uses DES-ECB
Critical
CVE-2023-51839
was published
for
@devicefarmer/stf
(npm)
Jan 29, 2024
bsock uses weak hashing algorithms
Critical
CVE-2023-50475
was published
for
bsock
(npm)
Dec 21, 2023
crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
Critical
CVE-2023-46233
was published
for
crypto-js
(npm)
Oct 25, 2023
crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
Critical
CVE-2023-46133
was published
for
crypto-es
(npm)
Oct 25, 2023
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of...
Critical
Unreviewed
CVE-2023-34039
was published
Aug 29, 2023
SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to...
Critical
Unreviewed
CVE-2023-34130
was published
Jul 13, 2023
Silver vulnerable to MitM attack against implants due to a cryptography vulnerability
Critical
CVE-2023-34758
was published
for
github.com/bishopfox/sliver
(Go)
Jun 21, 2023
Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by...
Critical
Unreviewed
CVE-2022-45141
was published
Mar 7, 2023
Collision of hash values in github.com/bnb-chain/tss-lib
Critical
CVE-2022-47931
was published
for
github.com/bnb-chain/tss-lib
(Go)
Dec 23, 2022
The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three...
Critical
Unreviewed
CVE-2022-30273
was published
Jul 27, 2022
Rocket-Chip commit 4f8114374d8824dfdec03f576a8cd68bebce4e56 was discovered to contain...
Critical
Unreviewed
CVE-2022-34632
was published
Jul 19, 2022
Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or risky cryptographic algorithm. A...
Critical
Unreviewed
CVE-2022-31230
was published
Jun 29, 2022
Dell EMC InsightIQ, versions prior to 4.1.4, contain risky cryptographic algorithms in the SSH...
Critical
Unreviewed
CVE-2021-36298
was published
May 24, 2022
An issue was discovered in the Oauth extension for MediaWiki through 1.35.2....
Critical
Unreviewed
CVE-2021-31556
was published
May 24, 2022
Amazon AWS CloudFront TLSv1.2_2019 allows TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and...
Critical
Unreviewed
CVE-2020-36363
was published
May 24, 2022
In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call...
Critical
Unreviewed
CVE-2019-25052
was published
May 24, 2022
Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in homeLYnk (Wiser For KNX)...
Critical
Unreviewed
CVE-2021-22738
was published
May 24, 2022
A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification...
Critical
Unreviewed
CVE-2021-20305
was published
May 24, 2022
Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected,...
Critical
Unreviewed
CVE-2020-14517
was published
May 24, 2022
An exploitable information disclosure vulnerability exists in the Weave PASE pairing...
Critical
Unreviewed
CVE-2019-5035
was published
May 24, 2022
Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute...
Critical
Unreviewed
CVE-2014-8687
was published
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API