GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,014
Maven
5,000+
npm
3,721
NuGet
662
pip
3,393
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
19 advisories
Filter by severity
Bouncy Castle has a flaw in the Low-level interface to RSA key pair generator
High
CVE-2018-1000180
was published
for
org.bouncycastle:bcprov-jdk14
(Maven)
Oct 16, 2018
Unauthenticated Remote Code Execution in Apache JMeter
Critical
CVE-2019-0187
was published
for
org.apache.jmeter:ApacheJMeter
(Maven)
Mar 7, 2019
Password Hashing: Do not use MD5
Low
CVE-2020-5229
was published
for
org.opencastproject:opencast-common-jpa-impl
(Maven)
Jan 30, 2020
Ciphertext Malleability Issue in Tink Java
Moderate
CVE-2020-8929
was published
for
com.google.crypto.tink:tink
(Maven)
Oct 16, 2020
Security issues in AWS KMS and AWS Encryption SDKs: in-band protocol negotiation and robustness
High
CVE-2020-8897
was published
for
aws-encryption-sdk
(Maven)
Oct 12, 2021
Inadequate Encryption Strength in Apache NiFi
High
CVE-2020-9491
was published
for
org.apache.nifi:nifi
(Maven)
Jan 6, 2022
Command Injection in Apache James
Moderate
CVE-2021-38542
was published
for
org.apache.james:james-server
(Maven)
Jan 8, 2022
Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J
Moderate
CVE-2011-2487
was published
for
org.apache.ws.security:wss4j
(Maven)
Apr 22, 2022
Nablarch Incomplete Cryptography
Critical
CVE-2019-5919
was published
for
com.nablarch.framework:nablarch-fw-web
(Maven)
May 13, 2022
Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J
High
CVE-2015-0226
was published
for
org.apache.ws.security:wss4j
(Maven)
May 14, 2022
Use of a Broken or Risky Cryptographic Algorithm in Apache Hadoop
Critical
CVE-2012-4449
was published
for
org.apache.hadoop:hadoop-client
(Maven)
May 17, 2022
Use of a Broken or Risky Cryptographic Algorithm in XWiki Crypto API
Moderate
CVE-2022-29161
was published
for
org.xwiki.platform:xwiki-platform-crypto
(Maven)
May 24, 2022
Use of a weak cryptographic algorithm in Gradle
Low
CVE-2019-16370
was published
for
org.gradle:gradle-core
(Maven)
May 24, 2022
Logic error in Matrix SDK for Android
Moderate
CVE-2021-40824
was published
for
org.matrix.android:matrix-android-sdk2
(Maven)
May 24, 2022
Reversible One-Way Hash in io.github.javaezlib:JavaEZ
High
CVE-2022-29249
was published
for
io.github.javaezlib:JavaEZ
(Maven)
May 25, 2022
Chosen Ciphertext Attack in Jose4j
Moderate
GHSA-jgvc-jfgh-rjvv
was published
for
org.bitbucket.b_c:jose4j
(Maven)
Apr 27, 2023
jose4j uses weak cryptographic algorithm
High
CVE-2023-31582
was published
for
org.bitbucket.b_c:jose4j
(Maven)
Oct 25, 2023
Withdrawn: JJWT improperly generates signing keys
Moderate
CVE-2024-31033
was published
for
io.jsonwebtoken:jjwt-impl
(Maven)
Apr 1, 2024
•
withdrawn
Kwik does not discard unused encryption keys
Moderate
CVE-2024-22588
was published
for
tech.kwik:kwik
(Maven)
May 24, 2024
ProTip!
Advisories are also available from the
GraphQL API