Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,170
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

27 advisories

Loading
Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows an attacker to... High Unreviewed
CVE-2024-23091 was published Jul 30, 2024
An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A... High Unreviewed
CVE-2019-20466 was published May 24, 2022
A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the... High Unreviewed
CVE-2024-3183 was published Jun 12, 2024
The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashs. If an... High Unreviewed
CVE-2023-31412 was published Aug 24, 2023
RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows... High Unreviewed
CVE-2023-33243 was published Jun 15, 2023
Knox Arkeia server 4.2, and possibly other versions, uses a constant salt when encrypting... High Unreviewed
CVE-2001-0967 was published Apr 30, 2022
The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay Portal 7.2.0 through 7.4.3... High Unreviewed
CVE-2024-25607 was published Feb 20, 2024
CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of the user name for the... High Unreviewed
CVE-2005-0408 was published May 1, 2022
The Priva TopControl Suite contains predictable credentials for the SSH service, based on the... High Unreviewed
CVE-2022-3010 was published Jan 2, 2024
Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers... High Unreviewed
CVE-2023-5846 was published Nov 2, 2023
mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, which may allow an attacker... High Unreviewed
CVE-2021-43989 was published Dec 24, 2021
A use of password hash with insufficient computational effort vulnerability [CWE-916] in... High Unreviewed
CVE-2022-26115 was published Feb 16, 2023
In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can... High Unreviewed
CVE-2022-47732 was published Jan 20, 2023
Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%... High Unreviewed
CVE-2018-9233 was published May 13, 2022
The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and... High Unreviewed
CVE-2018-1447 was published May 13, 2022
global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations... High Unreviewed
CVE-2019-7649 was published May 13, 2022
Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing... High Unreviewed
CVE-2019-0030 was published May 13, 2022
Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with... High Unreviewed
CVE-2019-3907 was published May 13, 2022
A use of one-way hash with a predictable salt vulnerability in the password storing mechanism of... High Unreviewed
CVE-2021-32596 was published May 24, 2022
A CWE-759: Use of a One-Way Hash without a Salt vulnerability exists in EVlink City (EVC1S22P4 /... High Unreviewed
CVE-2021-22774 was published May 24, 2022
An issue was discovered on Enphase Envoy R3.x and D4.x devices. There is a custom PAM module for... High Unreviewed
CVE-2020-25754 was published May 24, 2022
Fluxbb 1.5.11 is affected by a denial of service (DoS) vulnerability by sending an extremely long... High Unreviewed
CVE-2020-28873 was published May 24, 2022
The user and password data base is exposed by an unprotected web server resource. Passwords are... High Unreviewed
CVE-2021-23855 was published May 24, 2022
The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, Part No. 3060/00 versions 6... High Unreviewed
CVE-2021-32997 was published May 26, 2022
The affected Bachmann Electronic M-Base Controllers of version MSYS v1.06.14 and later use weak... High Unreviewed
CVE-2020-16231 was published May 20, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database