Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,170
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

14 advisories

Loading
GraphQL queries can expose password hashes Critical
GHSA-3p7g-wrgg-wq45 was published for ibexa/graphql (Composer) Nov 10, 2022
tranca
net-ldap has weak salt when generating passwords Moderate
CVE-2014-0083 was published for net-ldap (RubyGems) May 24, 2022
Weak password hash in LiveHelperChat High
CVE-2022-1235 was published for remdex/livehelperchat (Composer) Apr 6, 2022
SFTPGo vulnerable to recovery codes abuse High
CVE-2022-36071 was published for github.com/drakkan/sftpgo/v2 (Go) Sep 16, 2022
Flask-AppBuilder before v4.1.3 allows inference of sensitive information through query strings Low
CVE-2022-31177 was published for Flask-AppBuilder (pip) Jul 29, 2022
Improper rate limiting in Koel High
CVE-2021-33563 was published for phanan/koel (Composer) Jun 1, 2021
Improper privilege management in Keycloak High
CVE-2020-14389 was published for org.keycloak:keycloak-core (Maven) Nov 10, 2021
Password Shucking Vulnerability Moderate
CVE-2023-27580 was published for codeigniter4/shield (Composer) Mar 13, 2023
jreklund
Use of Password Hash With Insufficient Computational Effort in Apache Derby Moderate
CVE-2009-4269 was published for org.apache.derby:derby (Maven) May 2, 2022
crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard Critical
CVE-2023-46133 was published for crypto-es (npm) Oct 25, 2023
Zemnmez
Buttercup allows attackers to obtain the hash of the master password Moderate
CVE-2023-41646 was published for buttercup (npm) Sep 8, 2023
perry-mitchell
crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard Critical
CVE-2023-46233 was published for crypto-js (npm) Oct 25, 2023
Zemnmez nzgeek
Serverpod improved security for stored password hashes Moderate
CVE-2024-29886 was published for serverpod_auth_server (Pub) Mar 28, 2024
Improper hashing in enrocrypt High
CVE-2021-39182 was published for enrocrypt (pip) Nov 10, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database