GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,508
Composer 4,176
Erlang 30
GitHub Actions 19
Go 1,982
Maven 5,155
npm 3,701
NuGet 656
pip 3,323
Pub 11
RubyGems 882
Rust 834
Swift 35

Unreviewed advisories

All unreviewed 232,996

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

64 advisories

Filter by severity

Sort by

Least recently updated

mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, which may allow an attacker... High Unreviewed

CVE-2021-43989 was published Dec 24, 2021

Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software where the password... Moderate Unreviewed

CVE-2022-0022 was published Mar 10, 2022

BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes. Moderate Unreviewed

CVE-2022-23348 was published Mar 22, 2022

Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions... High Unreviewed

CVE-2022-25156 was published Apr 3, 2022

Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric... Critical Unreviewed

CVE-2022-25157 was published Apr 3, 2022

A use of a one-way hash with a predictable salt vulnerability [CWE-760] in FortiWAN before 4.5.9... High Unreviewed

CVE-2021-26113 was published Apr 7, 2022

Knox Arkeia server 4.2, and possibly other versions, uses a constant salt when encrypting... High Unreviewed

CVE-2001-0967 was published Apr 30, 2022

PostgreSQL uses the username for a salt when generating passwords, which makes it easier for... Moderate Unreviewed

CVE-2002-1657 was published Apr 30, 2022

CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of the user name for the... High Unreviewed

CVE-2005-0408 was published May 1, 2022

BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local... Low Unreviewed

CVE-2006-1058 was published May 1, 2022

ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40... Moderate Unreviewed

CVE-2008-1526 was published May 1, 2022

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 ... Moderate Unreviewed

CVE-2022-24041 was published May 11, 2022

Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing... High Unreviewed

CVE-2019-0030 was published May 13, 2022

Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with... High Unreviewed

CVE-2019-3907 was published May 13, 2022

global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations... High Unreviewed

CVE-2019-7649 was published May 13, 2022

Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker... Critical Unreviewed

CVE-2019-6563 was published May 13, 2022

Davolink DVW-3200N all version prior to Version 1.00.06. The device generates a weak password... Critical Unreviewed

CVE-2018-10618 was published May 13, 2022

Password recovery exploitation vulnerability in the non-certificate-based authentication... Critical Unreviewed

CVE-2017-3962 was published May 13, 2022

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for... Moderate Unreviewed

CVE-2017-11131 was published May 13, 2022

The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and... High Unreviewed

CVE-2018-1447 was published May 13, 2022

An issue was discovered in BTITeam XBTIT 2.5.4. The hashed passwords stored in the xbtit_users... Critical Unreviewed

CVE-2018-15680 was published May 13, 2022

Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%... High Unreviewed

CVE-2018-9233 was published May 13, 2022

The affected Bachmann Electronic M-Base Controllers of version MSYS v1.06.14 and later use weak... High Unreviewed

CVE-2020-16231 was published May 20, 2022

UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a... Moderate Unreviewed

CVE-2019-12737 was published May 24, 2022

An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05... Critical Unreviewed

CVE-2019-17216 was published May 24, 2022

Previous 1 2 3 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

64 advisories