Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,024
Maven
5,000+
npm
3,731
NuGet
662
pip
3,407
Pub
12
RubyGems
891
Rust
864
Swift
36
Unreviewed advisories
All unreviewed
5,000+

212 advisories

Loading
In (TBD) of (TBD), there is a possible way to decrypt local data encrypted by the GSC due to... Moderate Unreviewed
CVE-2022-20117 was published May 11, 2022
In crypt.c of remote-login-service, the cryptographic algorithm used to cache usernames and... Moderate Unreviewed
CVE-2013-1053 was published May 5, 2022
The KRandom::random function in KDE Paste Applet after 4.10.5 in kdeplasma-addons uses the GNU C... Moderate Unreviewed
CVE-2013-2213 was published May 5, 2022
Incorrect MAC key used in the RC4-MD5 ciphersuite Moderate
CVE-2022-1434 was published for openssl-src (Rust) May 4, 2022
pinkforest
The default configuration of the Wi-Fi component on the Huawei D100 does not use encryption,... Moderate Unreviewed
CVE-2009-2273 was published May 2, 2022
libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the configuration specifies the MD5... Moderate Unreviewed
CVE-2008-3188 was published May 1, 2022
The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit... Moderate Unreviewed
CVE-2007-6755 was published May 1, 2022
Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash,... Moderate Unreviewed
CVE-2007-6013 was published May 1, 2022
Spectrum Cash Receipting System before 6.504 uses weak cryptography (static substitution) in the... Moderate Unreviewed
CVE-2005-4860 was published May 1, 2022
The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead... Moderate Unreviewed
CVE-2005-2946 was published May 1, 2022
TeeKai Tracking Online 1.0 uses weak encryption of web usage statistics in data/userlog/log.txt,... Moderate Unreviewed
CVE-2002-2058 was published Apr 30, 2022
Information from SSL-encrypted sessions via PKCS #1. Moderate Unreviewed
CVE-1999-0007 was published Apr 30, 2022
Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J Moderate
CVE-2011-2487 was published for org.apache.ws.security:wss4j (Maven) Apr 22, 2022
A vulnerability in the automatic decryption process in Cisco Umbrella Secure Web Gateway (SWG)... Moderate Unreviewed
CVE-2022-20805 was published Apr 22, 2022
A use of a broken or risky cryptographic algorithm vulnerability [CWE-327] in the Dynamic Tunnel... Moderate Unreviewed
CVE-2021-32593 was published Apr 7, 2022
A risky-algorithm issue was discovered on Fujifilm DocuCentre-VI C4471 1.8 devices. An attacker... Moderate Unreviewed
CVE-2021-43774 was published Mar 4, 2022
Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar... Moderate Unreviewed
CVE-2022-0377 was published Mar 1, 2022
An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol... Moderate Unreviewed
CVE-2021-45081 was published Feb 21, 2022
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C... Moderate Unreviewed
CVE-2022-21800 was published Feb 19, 2022
CBC padding oracle issue in AWS S3 Crypto SDK for golang Moderate
CVE-2020-8911 was published for github.com/aws/aws-sdk-go (Go) Feb 11, 2022
sophieschmieg
IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 could provide weaker than... Moderate Unreviewed
CVE-2022-22310 was published Jan 20, 2022
The fingerprint module has a security risk of brute force cracking. Successful exploitation of... Moderate Unreviewed
CVE-2021-40006 was published Jan 11, 2022
Command Injection in Apache James Moderate
CVE-2021-38542 was published for org.apache.james:james-server (Maven) Jan 8, 2022
The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in... Moderate Unreviewed
CVE-2021-43550 was published Dec 28, 2021
In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information... Moderate Unreviewed
CVE-2021-45486 was published Dec 26, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database