Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

425 advisories

Loading
OpenSSL gem for Ruby using inadequate encryption strength High
CVE-2016-7798 was published for openssl (RubyGems) Oct 24, 2017
Pycrypto generates weak key parameters High
CVE-2018-6594 was published for pycrypto (pip) Jul 12, 2018
In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode High
CVE-2016-1000352 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
Inadequate Encryption Strength in DotNetNuke High
CVE-2018-18325 was published for DotNetNuke.Core (NuGet) Jul 5, 2019
Inadequate Encryption Strength in DotNetNuke High
CVE-2018-15811 was published for DotNetNuke.Core (NuGet) Jul 5, 2019
CLI does not correctly implement strict mode Low
GHSA-2xwp-m7mq-7q3r was published for aws-encryption-sdk-cli (pip) Oct 28, 2020
RSA weakness in tslite-ng Low
CVE-2020-26263 was published for tlslite-ng (pip) Dec 21, 2020
tomato42
Inadequate Encryption Strength Critical
CVE-2017-1000486 was published for org.primefaces:primefaces (Maven) Jun 3, 2021
Elliptic Curve Key Disclosure in go-jose Critical
CVE-2016-9121 was published for github.com/square/go-jose (Go) Jun 23, 2021
Inadequate Encryption Strength in showdoc Moderate
CVE-2021-3680 was published for showdoc/showdoc (Composer) Sep 1, 2021
Inadequate Encryption Strength in python-keystoneclient Critical
CVE-2013-2166 was published for python-keystoneclient (pip) Oct 12, 2021
Improper hashing in enrocrypt High
CVE-2021-39182 was published for enrocrypt (pip) Nov 10, 2021
IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow... High Unreviewed
CVE-2021-20400 was published Dec 2, 2021
Assuming a database breach, nonce reuse issues in GitLab 11.6+ allows an attacker to decrypt some... High Unreviewed
CVE-2021-22170 was published Dec 7, 2021
An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker... High Unreviewed
CVE-2021-37188 was published Dec 11, 2021
IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic... High Unreviewed
CVE-2021-38947 was published Dec 14, 2021
Dell Wyse Management Suite version 3.3.1 and prior support insecure Transport Security Protocols... High Unreviewed
CVE-2021-36337 was published Dec 22, 2021
In NetBSD through 9.2, the IPv6 fragment ID generation algorithm employs a weak cryptographic PRNG. High Unreviewed
CVE-2021-45484 was published Dec 26, 2021
Certain NETGEAR devices are affected by weak cryptography. This affects D7000v2 before 1.0.0.62,... Critical Unreviewed
CVE-2021-45512 was published Dec 27, 2021
The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user... High Unreviewed
CVE-2021-24998 was published Dec 28, 2021
Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient protections for the UART... High Unreviewed
CVE-2021-20161 was published Dec 31, 2021
Hash collision in typelevel jawn Moderate
CVE-2022-21653 was published for org.typelevel:jawn-parser (Maven) Jan 6, 2022
nrktkt
Use of Hard-coded Credentials in Apache Kylin High
CVE-2021-45458 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
The fingerprint module has a security risk of brute force cracking. Successful exploitation of... Moderate Unreviewed
CVE-2021-40006 was published Jan 11, 2022
A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted... High Unreviewed
CVE-2022-24318 was published Feb 11, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database