Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,245
Erlang
31
GitHub Actions
21
Go
2,010
Maven
5,000+
npm
3,718
NuGet
662
pip
3,391
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

453 advisories

Loading
sftpgo vulnerable to brute force takeover of OpenID Connect session cookies Moderate
CVE-2024-52801 was published for github.com/drakkan/sftpgo/v2 (Go) Dec 2, 2024
denisvr72
A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is... Moderate Unreviewed
CVE-2023-40660 was published Nov 6, 2023
Vyper sha3 codegen bug Low
CVE-2024-24559 was published for vyper (pip) Feb 5, 2024
cyberthirst kuroi8
A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits... Moderate Unreviewed
CVE-2024-28834 was published Mar 21, 2024
python-jose algorithm confusion with OpenSSH ECDSA keys Critical
CVE-2024-33663 was published for python-jose (pip) Apr 26, 2024
Silver vulnerable to MitM attack against implants due to a cryptography vulnerability Critical
CVE-2023-34758 was published for github.com/bishopfox/sliver (Go) Jun 21, 2023
In modem, there is a possible information disclosure due to using risky cryptographic algorithm... Moderate Unreviewed
CVE-2024-20070 was published Jun 3, 2024
IBM Concert Software 1.0.0 through 1.0.1 could allow a remote attacker to obtain sensitive... Moderate Unreviewed
CVE-2024-43189 was published Nov 15, 2024
Ciphertext Malleability Issue in Tink Java Moderate
CVE-2020-8929 was published for com.google.crypto.tink:tink (Maven) Oct 16, 2020
reteptilian
paillier-zk has ambiguous challenge derivation Low
GHSA-fpr5-jp2j-4q2f was published for paillier-zk (Rust) Nov 12, 2024
cggmp21 vulnerable to ambiguous challenge derivation Low
GHSA-rm66-9gh4-4gp8 was published for cggmp21 (Rust) Nov 12, 2024
cggmp21-keygen has ambiguous challenge derivation Low
GHSA-7jjx-3qw9-j6h6 was published for cggmp21-keygen (Rust) Nov 12, 2024
This vulnerability exists in the Wave 2.0 due to weak encryption of sensitive data received at... High Unreviewed
CVE-2024-51556 was published Nov 4, 2024
An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. The password for the root user... Moderate Unreviewed
CVE-2020-11916 was published Nov 7, 2024
YesWiki Uses a Broken or Risky Cryptographic Algorithm High
CVE-2024-51478 was published for yeswiki/yeswiki (Composer) Oct 31, 2024
Nishacid
A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware... Moderate Unreviewed
CVE-2023-5962 was published Dec 23, 2023
Timing attacks in python-rsa High
CVE-2020-25658 was published for rsa (pip) Apr 30, 2021
Python-RSA decryption of ciphertext leads to DoS High
CVE-2020-13757 was published for rsa (pip) Mar 24, 2021
A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. It has been rated as... Moderate Unreviewed
CVE-2024-10128 was published Oct 18, 2024
Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.24, contains a Use of a... Moderate Unreviewed
CVE-2024-48016 was published Oct 18, 2024
Key confusion through non-blocklisted public key formats High
CVE-2022-29217 was published for pyjwt (pip) May 24, 2022
aapooksman
The authentication cookies are generated using an algorithm based on the username, hardcoded... High Unreviewed
CVE-2023-49259 was published Jan 12, 2024
Portainer improperly uses an encryption algorithm in the AesEncrypt function High
CVE-2024-33662 was published for github.com/portainer/portainer (Go) Oct 2, 2024
Certain switch models from PLANET Technology only support obsolete algorithms for authentication... High Unreviewed
CVE-2024-8452 was published Sep 30, 2024
Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware... Moderate Unreviewed
CVE-2023-51392 was published Feb 23, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database