Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,454
Erlang
33
GitHub Actions
22
Go
2,153
Maven
5,000+
npm
3,818
NuGet
693
pip
3,492
Pub
12
RubyGems
902
Rust
903
Swift
38
Unreviewed advisories
All unreviewed
5,000+

437 advisories

Loading
Weak web transport security (Weak TLS): An attacker may be able to decrypt the data using attacks High Unreviewed
CVE-2021-27761 was published May 7, 2022
MobileIron VSP < 5.9.1 and Sentry < 5.0 has a weak password obfuscation algorithm Moderate Unreviewed
CVE-2013-7286 was published May 5, 2022
Zabbix before 5.0 represents passwords in the users table with unsalted MD5. Moderate Unreviewed
CVE-2013-7484 was published May 5, 2022
Inadequate Encryption Strength vulnerability in TLS stack of Secomea SiteManager, LinkManager,... High Unreviewed
CVE-2021-32010 was published May 5, 2022
IBM Spectrum Scale 5.1.0 through 5.1.3.0 uses weaker than expected cryptographic algorithms that... High Unreviewed
CVE-2022-22368 was published May 4, 2022
neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in... Moderate Unreviewed
CVE-2009-2474 was published May 2, 2022
libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the configuration specifies the MD5... Moderate Unreviewed
CVE-2008-3188 was published May 1, 2022
SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to... Moderate Unreviewed
CVE-2005-4900 was published May 1, 2022
WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which makes it easier for... Moderate Unreviewed
CVE-2005-2281 was published May 1, 2022
The integrity check feature in OpenPGP, when handling a message that was encrypted using cipher... Moderate Unreviewed
CVE-2005-0366 was published May 1, 2022
Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt the screen-locking password... Low Unreviewed
CVE-2002-1975 was published Apr 30, 2022
Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software 1.2.000, when the "Save Password"... Low Unreviewed
CVE-2002-1946 was published Apr 30, 2022
Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak encryption for passwords ... Moderate Unreviewed
CVE-2002-1910 was published Apr 30, 2022
Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password... Moderate Unreviewed
CVE-2002-1872 was published Apr 30, 2022
Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption algorithm to store user... Low Unreviewed
CVE-2002-1739 was published Apr 30, 2022
Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak encryption algorithm that... Moderate Unreviewed
CVE-2002-1697 was published Apr 30, 2022
NewsReactor 1.0 uses a weak encryption scheme, which could allow local users to decrypt the... Low Unreviewed
CVE-2002-1682 was published Apr 30, 2022
Pathways Homecare 6.5 uses weak encryption for user names and passwords, which allows local users... Moderate Unreviewed
CVE-2001-1546 was published Apr 30, 2022
EarlyImpact ProductCart uses a weak encryption scheme to encrypt passwords, which allows remote... Moderate Unreviewed
CVE-2004-2172 was published Apr 29, 2022
A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak... High Unreviewed
CVE-2012-2130 was published Apr 23, 2022
The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always... Critical Unreviewed
CVE-2011-4121 was published Apr 22, 2022
TYPO3 is vulnerable to insecure randomness during hash generation in forgot password function Moderate
CVE-2010-3670 was published for typo3/cms-frontend (Composer) Apr 21, 2022
Hills ComNav version 3002-19 suffers from a weak communication channel. Traffic across the local... Moderate Unreviewed
CVE-2022-1318 was published Apr 21, 2022
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco... High Unreviewed
CVE-2022-20677 was published Apr 16, 2022
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository gnuboard... High Unreviewed
CVE-2022-1252 was published Apr 12, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database