Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,170
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

78 advisories

Loading
Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows an attacker to... High Unreviewed
CVE-2024-23091 was published Jul 30, 2024
Bludit uses the SHA-1 hashing algorithm to compute password hashes. Thus, attackers could... Unknown Unreviewed
CVE-2024-24553 was published Jun 24, 2024
A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the... High Unreviewed
CVE-2024-3183 was published Jun 12, 2024
A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting... Low Unreviewed
CVE-2024-21754 was published Jun 11, 2024
Serverpod improved security for stored password hashes Moderate
CVE-2024-29886 was published for serverpod_auth_server (Pub) Mar 28, 2024
A vulnerability classified as problematic was found in Musicshelf 1.0/1.1 on Android. Affected by... Low Unreviewed
CVE-2024-2365 was published Mar 11, 2024
The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay Portal 7.2.0 through 7.4.3... High Unreviewed
CVE-2024-25607 was published Feb 20, 2024
The Priva TopControl Suite contains predictable credentials for the SSH service, based on the... High Unreviewed
CVE-2022-3010 was published Jan 2, 2024
Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers... High Unreviewed
CVE-2023-5846 was published Nov 2, 2023
crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard Critical
CVE-2023-46233 was published for crypto-js (npm) Oct 25, 2023
Zemnmez nzgeek
crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard Critical
CVE-2023-46133 was published for crypto-es (npm) Oct 25, 2023
Zemnmez
** UNSUPPPORTED WHEN ASSIGNED ** Vulnerability in ekorCCP and ekorRCI that could allow an... Moderate Unreviewed
CVE-2022-47557 was published Sep 19, 2023
A vulnerability classified as problematic was found in Supcon InPlant SCADA up to 20230901.... Low Unreviewed
CVE-2023-4986 was published Sep 15, 2023
Buttercup allows attackers to obtain the hash of the master password Moderate
CVE-2023-41646 was published for buttercup (npm) Sep 8, 2023
perry-mitchell
The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashs. If an... High Unreviewed
CVE-2023-31412 was published Aug 24, 2023
PiiGAB M-Bus stores passwords using a weak hash algorithm. Critical Unreviewed
CVE-2023-34433 was published Jul 7, 2023
RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows... High Unreviewed
CVE-2023-33243 was published Jun 15, 2023
Password Shucking Vulnerability Moderate
CVE-2023-27580 was published for codeigniter4/shield (Composer) Mar 13, 2023
jreklund
A use of password hash with insufficient computational effort vulnerability [CWE-916] in... High Unreviewed
CVE-2022-26115 was published Feb 16, 2023
AMI Megarac Weak password hashes for Redfish & API Moderate Unreviewed
CVE-2022-40258 was published Jan 31, 2023
In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can... High Unreviewed
CVE-2022-47732 was published Jan 20, 2023
In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), the... Critical Unreviewed
CVE-2020-12069 was published Dec 26, 2022
GraphQL queries can expose password hashes Critical
GHSA-3p7g-wrgg-wq45 was published for ibexa/graphql (Composer) Nov 10, 2022
tranca
The application was vulnerable to an authenticated information disclosure, allowing... Moderate Unreviewed
CVE-2022-40295 was published Nov 1, 2022
SFTPGo vulnerable to recovery codes abuse High
CVE-2022-36071 was published for github.com/drakkan/sftpgo/v2 (Go) Sep 16, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database