Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

82 advisories

Loading
sftpgo vulnerable to brute force takeover of OpenID Connect session cookies Moderate
CVE-2024-52801 was published for github.com/drakkan/sftpgo/v2 (Go) Dec 2, 2024
denisvr72
Vyper sha3 codegen bug Low
CVE-2024-24559 was published for vyper (pip) Feb 5, 2024
cyberthirst kuroi8
python-jose algorithm confusion with OpenSSH ECDSA keys Critical
CVE-2024-33663 was published for python-jose (pip) Apr 26, 2024
Silver vulnerable to MitM attack against implants due to a cryptography vulnerability Critical
CVE-2023-34758 was published for github.com/bishopfox/sliver (Go) Jun 21, 2023
Ciphertext Malleability Issue in Tink Java Moderate
CVE-2020-8929 was published for com.google.crypto.tink:tink (Maven) Oct 16, 2020
reteptilian
paillier-zk has ambiguous challenge derivation Low
GHSA-fpr5-jp2j-4q2f was published for paillier-zk (Rust) Nov 12, 2024
cggmp21 vulnerable to ambiguous challenge derivation Low
GHSA-rm66-9gh4-4gp8 was published for cggmp21 (Rust) Nov 12, 2024
cggmp21-keygen has ambiguous challenge derivation Low
GHSA-7jjx-3qw9-j6h6 was published for cggmp21-keygen (Rust) Nov 12, 2024
YesWiki Uses a Broken or Risky Cryptographic Algorithm High
CVE-2024-51478 was published for yeswiki/yeswiki (Composer) Oct 31, 2024
Nishacid
Timing attacks in python-rsa High
CVE-2020-25658 was published for rsa (pip) Apr 30, 2021
Python-RSA decryption of ciphertext leads to DoS High
CVE-2020-13757 was published for rsa (pip) Mar 24, 2021
Key confusion through non-blocklisted public key formats High
CVE-2022-29217 was published for pyjwt (pip) May 24, 2022
aapooksman
Portainer improperly uses an encryption algorithm in the AesEncrypt function High
CVE-2024-33662 was published for github.com/portainer/portainer (Go) Oct 2, 2024
Elixir can leak information due to weak use of crypto High
CVE-2012-2146 was published for Elixir (pip) May 17, 2022
Improper hashing in enrocrypt High
CVE-2021-39182 was published for enrocrypt (pip) Nov 10, 2021
Use of a Broken or Risky Cryptographic Algorithm in Terraform High
CVE-2019-19316 was published for github.com/hashicorp/terraform (Go) May 18, 2021
Security issues in AWS KMS and AWS Encryption SDKs: in-band protocol negotiation and robustness High
CVE-2020-8897 was published for aws-encryption-sdk (Maven) Oct 12, 2021
thaidn
Kwik does not discard unused encryption keys Moderate
CVE-2024-22588 was published for tech.kwik:kwik (Maven) May 24, 2024
Authlib has algorithm confusion with asymmetric public keys High
CVE-2024-37568 was published for authlib (pip) Jun 9, 2024
Gorush uses deprecated TLS versions Moderate
CVE-2024-41270 was published for github.com/appleboy/gorush (Go) Aug 6, 2024
Beego privilege escalation vulnerability High
CVE-2024-40465 was published for github.com/beego/beego/v2 (Go) Jul 31, 2024
AES OCB fails to encrypt some bytes High
CVE-2022-2097 was published for openssl-src (Rust) Jul 6, 2022
another-rex
jsonwebtoken unrestricted key type could lead to legacy keys usage High
CVE-2022-23539 was published for jsonwebtoken (npm) Dec 22, 2022
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify() Moderate
CVE-2022-23540 was published for jsonwebtoken (npm) Dec 22, 2022
ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache Critical
CVE-2024-31989 was published for github.com/argoproj/argo-cd (Go) May 21, 2024
oreenlivnicode leoluz
crenshaw-dev mkilchhofer todaywasawesome pasha-codefresh
ProTip! Advisories are also available from the GraphQL API