GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,496
Composer 4,170
Erlang 30
GitHub Actions 19
Go 1,981
Maven 5,155
npm 3,700
NuGet 656
pip 3,319
Pub 11
RubyGems 882
Rust 834
Swift 35

Unreviewed advisories

All unreviewed 232,910

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

204 advisories

Filter by severity

Sort by

Least recently updated

A use of a broken or risky cryptographic algorithm vulnerability [CWE-327] in the Dynamic Tunnel... Moderate Unreviewed

CVE-2021-32593 was published Apr 7, 2022

In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information... Moderate Unreviewed

CVE-2021-45486 was published Dec 26, 2021

An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that... Moderate Unreviewed

CVE-2020-10932 was published May 24, 2022

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak... Moderate Unreviewed

CVE-2022-34757 was published Jul 14, 2022

The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29... Moderate Unreviewed

CVE-2022-29965 was published Jul 27, 2022

Affected devices use a weak encryption scheme to encrypt the debug zip file. This could allow an... Moderate Unreviewed

CVE-2022-46140 was published Dec 13, 2022

SimpleXMQ before 3.4.0, as used in SimpleX Chat before 4.2, does not apply a key derivation... Moderate Unreviewed

CVE-2022-45195 was published Nov 13, 2022

Due to the use of an insecure algorithm for rolling codes in MCK Smartlock 1.0, allows attackers... Moderate Unreviewed

CVE-2022-30111 was published May 19, 2022

STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the... Moderate Unreviewed

CVE-2019-16863 was published May 24, 2022

MatrixSSL 4.2.1 and earlier contains a timing side channel in ECDSA signature generation. This... Moderate Unreviewed

CVE-2019-13629 was published May 24, 2022

There is a weak algorithm vulnerability in some Huawei products. The affected products use weak... Moderate Unreviewed

CVE-2019-19397 was published May 24, 2022

In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing... Moderate Unreviewed

CVE-2022-20513 was published Dec 20, 2022

A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR... Moderate Unreviewed

CVE-2019-19299 was published May 24, 2022

openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a94152378611e API key rather than... Moderate Unreviewed

CVE-2020-10788 was published May 24, 2022

GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is... Moderate Unreviewed

CVE-2020-11501 was published May 24, 2022

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow weak hashing algorithm and... Moderate Unreviewed

CVE-2020-10601 was published May 24, 2022

wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing... Moderate Unreviewed

CVE-2020-11713 was published May 24, 2022

An issue was discovered in Open Source Social Network (OSSN) through 5.3. A user-controlled file... Moderate Unreviewed

CVE-2020-10560 was published May 24, 2022

A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC (All... Moderate Unreviewed

CVE-2019-10929 was published May 24, 2022

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy T300 ... Moderate Unreviewed

CVE-2020-7511 was published May 24, 2022

During RSA key generation, bignum implementations used a variation of the Binary Extended... Moderate Unreviewed

CVE-2020-12402 was published May 24, 2022

In mainwindow.cpp in Shotcut before 20.09.13, the upgrade check misuses TLS because of... Moderate Unreviewed

CVE-2020-24619 was published May 24, 2022

Untangle Firewall NG before 16.0 uses MD5 for passwords. Moderate Unreviewed

CVE-2020-17494 was published May 24, 2022

Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications... Moderate Unreviewed

CVE-2020-20950 was published May 24, 2022

IBM Cloud Pak for Security 1.3.0.1 (CP4S) uses weaker than expected cryptographic algorithms... Moderate Unreviewed

CVE-2020-4624 was published May 24, 2022

Previous 1 2 3 4 5 … 8 9 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

204 advisories