Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,951
Erlang
39
GitHub Actions
38
Go
2,607
Maven
5,000+
npm
4,251
NuGet
757
pip
4,017
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

197 advisories

Loading
Whole-script approval in Jenkins Script Security Plugin vulnerable to SHA-1 collisions High
CVE-2022-45379 was published for org.jenkins-ci.plugins:script-security (Maven) Nov 16, 2022
NotMyFault
Credited to NotMyFault
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net:... High Unreviewed
CVE-2021-32066 was published May 24, 2022
A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000... High Unreviewed
CVE-2023-20185 was published Jul 12, 2023
This vulnerability exists in USB Pratirodh due to the usage of a weaker cryptographic algorithm ... High Unreviewed
CVE-2024-1224 was published Mar 6, 2024
This vulnerability exists in AppSamvid software due to the usage of a weaker cryptographic... High Unreviewed
CVE-2024-25102 was published Mar 6, 2024
airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector... High Unreviewed
CVE-2020-11877 was published May 24, 2022
A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak... High Unreviewed
CVE-2012-2130 was published Apr 23, 2022
IBM API Connect 2018.1 and 2018.4.1.2 uses weaker than expected cryptographic algorithms that... High Unreviewed
CVE-2018-2007 was published May 24, 2022
IBM Rational Engineering Lifecycle Manager 6.0 through 6.0.6 uses weaker than expected... High Unreviewed
CVE-2018-1608 was published May 24, 2022
The HTTP Authentication library before 2019-12-27 for Nim has weak password hashing because the... High Unreviewed
CVE-2019-20138 was published May 24, 2022
Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote... High Unreviewed
CVE-2023-27389 was published Apr 11, 2023
Inadequate Encryption Strength in CODESYS Development System V3 versions prior to V3.5.18.40... High Unreviewed
CVE-2022-4048 was published May 15, 2023
AMI SPx contains a vulnerability in the BMC where a user may cause an inadequate encryption... High Unreviewed
CVE-2023-34337 was published Jul 5, 2023
The Config-files of Horner Automation’s RCC 972 with firmware version 15.40 are encrypted with... High Unreviewed
CVE-2022-2640 was published Jul 6, 2023
Rockwell Automation ThinManager product allows the use of medium strength ciphers.  If the... High Unreviewed
CVE-2023-2443 was published Jul 6, 2023
The BigFix WebUI uses weak cipher suites. High Unreviewed
CVE-2023-28021 was published Jul 18, 2023
Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27... High Unreviewed
CVE-2023-0525 was published Aug 4, 2023
An inadequate encryption strength vulnerability has been reported to affect QNAP operating... High Unreviewed
CVE-2023-34971 was published Aug 24, 2023
Vulnerability of 5G messages being sent without being encrypted in a VPN environment in the SMS... High Unreviewed
CVE-2023-41305 was published Sep 27, 2023
Dell Data Protection Central, version 19.9, contains an Inadequate Encryption Strength... High Unreviewed
CVE-2023-4129 was published Sep 27, 2023
An issue discovered in IXP Data EasyInstall 6.6.14907.0 allows attackers to gain escalated... High Unreviewed
CVE-2023-30132 was published Oct 19, 2023
Cilium has insecure IPsec transport encryption High
CVE-2024-28860 was published for github.com/cilium/cilium (Go) Mar 28, 2024
pchaigno NikAleksandrov
iokill marshrayms
Credited to pchaigno, NikAleksandrov, iokill, and marshrayms
OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is... High Unreviewed
CVE-2021-23839 was published May 24, 2022
AES OCB fails to encrypt some bytes High
CVE-2022-2097 was published for openssl-src (Rust) Jul 6, 2022
another-rex
Credited to another-rex
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.64), SIPROTEC... High Unreviewed
CVE-2024-38867 was published Jul 9, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database