GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
149 advisories
Filter by severity
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5...
High
Unreviewed
CVE-2021-39002
was published
Dec 10, 2021
IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic...
High
Unreviewed
CVE-2021-39058
was published
Dec 14, 2021
In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption...
High
Unreviewed
CVE-2021-45451
was published
Dec 22, 2021
In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt...
High
Unreviewed
CVE-2021-45450
was published
Dec 22, 2021
mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, which may allow an attacker...
High
Unreviewed
CVE-2021-43989
was published
Dec 24, 2021
A cryptographic weakness existed in the authentication protocol of Remote Desktop. This issue was...
High
Unreviewed
CVE-2017-2488
was published
Dec 24, 2021
In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an...
High
Unreviewed
CVE-2021-45485
was published
Dec 26, 2021
In NetBSD through 9.2, the IPv4 ID generation algorithm does not use appropriate cryptographic...
High
Unreviewed
CVE-2021-45487
was published
Dec 26, 2021
In NetBSD through 9.2, there is an information leak in the TCP ISN (ISS) generation algorithm.
High
Unreviewed
CVE-2021-45488
was published
Dec 26, 2021
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than expected cryptographic...
High
Unreviewed
CVE-2021-38921
was published
Jan 11, 2022
Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 issues...
High
Unreviewed
CVE-2021-33846
was published
Jan 22, 2022
The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm that allows an attacker to...
High
Unreviewed
CVE-2021-46559
was published
Jan 27, 2022
Use of a Broken or Risky Cryptographic Algorithm in PostgreSQL
High
Unreviewed
CVE-2020-25694
was published
Feb 15, 2022
An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method...
High
Unreviewed
CVE-2020-36516
was published
Feb 27, 2022
"TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure...
High
Unreviewed
CVE-2021-27756
was published
Mar 5, 2022
IBM UrbanCode Deploy (UCD) 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic...
High
Unreviewed
CVE-2022-22327
was published
Apr 2, 2022
The use of a broken or risky cryptographic algorithm in Philips Vue PACS versions 12.2.x.x and...
High
Unreviewed
CVE-2021-33018
was published
Apr 3, 2022
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository gnuboard...
High
Unreviewed
CVE-2022-1252
was published
Apr 12, 2022
Dell PowerScale OneFS, version 9.3.0, contains a use of a broken or risky cryptographic algorithm...
High
Unreviewed
CVE-2022-22559
was published
Apr 13, 2022
IBM Security Guardium 10.5 and 11.3 uses weaker than expected cryptographic algorithms that could...
High
Unreviewed
CVE-2021-39076
was published
Apr 20, 2022
The Bulletproofs 2017/1066 paper mishandles Fiat-Shamir generation because the hash computation...
High
Unreviewed
CVE-2022-29566
was published
Apr 22, 2022
Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords.
High
Unreviewed
CVE-2012-5623
was published
Apr 23, 2022
IBM UrbanCode Deploy (UCD) 7.1.1.2 uses weaker than expected cryptographic algorithms that could...
High
Unreviewed
CVE-2021-39082
was published
Apr 30, 2022
The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 uses weak...
High
Unreviewed
CVE-2007-4150
was published
May 1, 2022
Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation...
High
Unreviewed
CVE-2007-5460
was published
May 1, 2022
ProTip!
Advisories are also available from the
GraphQL API