Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,170
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

19 advisories

Loading
Kwik does not discard unused encryption keys Moderate
CVE-2024-22588 was published for tech.kwik:kwik (Maven) May 24, 2024
Withdrawn: JJWT improperly generates signing keys Moderate
CVE-2024-31033 was published for io.jsonwebtoken:jjwt-impl (Maven) Apr 1, 2024 withdrawn
ebickle
jose4j uses weak cryptographic algorithm High
CVE-2023-31582 was published for org.bitbucket.b_c:jose4j (Maven) Oct 25, 2023
Chosen Ciphertext Attack in Jose4j Moderate
GHSA-jgvc-jfgh-rjvv was published for org.bitbucket.b_c:jose4j (Maven) Apr 27, 2023
Reversible One-Way Hash in io.github.javaezlib:JavaEZ High
CVE-2022-29249 was published for io.github.javaezlib:JavaEZ (Maven) May 25, 2022
Logic error in Matrix SDK for Android Moderate
CVE-2021-40824 was published for org.matrix.android:matrix-android-sdk2 (Maven) May 24, 2022
Use of a weak cryptographic algorithm in Gradle Low
CVE-2019-16370 was published for org.gradle:gradle-core (Maven) May 24, 2022
Use of a Broken or Risky Cryptographic Algorithm in XWiki Crypto API Moderate
CVE-2022-29161 was published for org.xwiki.platform:xwiki-platform-crypto (Maven) May 24, 2022
Use of a Broken or Risky Cryptographic Algorithm in Apache Hadoop Critical
CVE-2012-4449 was published for org.apache.hadoop:hadoop-client (Maven) May 17, 2022
Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J High
CVE-2015-0226 was published for org.apache.ws.security:wss4j (Maven) May 14, 2022
r3kumar
Nablarch Incomplete Cryptography Critical
CVE-2019-5919 was published for com.nablarch.framework:nablarch-fw-web (Maven) May 13, 2022
chupaaaaaaan
Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J Moderate
CVE-2011-2487 was published for org.apache.ws.security:wss4j (Maven) Apr 22, 2022
Command Injection in Apache James Moderate
CVE-2021-38542 was published for org.apache.james:james-server (Maven) Jan 8, 2022
Inadequate Encryption Strength in Apache NiFi High
CVE-2020-9491 was published for org.apache.nifi:nifi (Maven) Jan 6, 2022
Security issues in AWS KMS and AWS Encryption SDKs: in-band protocol negotiation and robustness High
CVE-2020-8897 was published for aws-encryption-sdk (Maven) Oct 12, 2021
thaidn
Ciphertext Malleability Issue in Tink Java Low
CVE-2020-8929 was published for com.google.crypto.tink:tink (Maven) Oct 16, 2020
reteptilian
Password Hashing: Do not use MD5 Low
CVE-2020-5229 was published for org.opencastproject:opencast-common-jpa-impl (Maven) Jan 30, 2020
Unauthenticated Remote Code Execution in Apache JMeter Critical
CVE-2019-0187 was published for org.apache.jmeter:ApacheJMeter (Maven) Mar 7, 2019
Bouncy Castle has a flaw in the Low-level interface to RSA key pair generator High
CVE-2018-1000180 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 16, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database