GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,726
Composer 4,237
Erlang 31
GitHub Actions 21
Go 2,003
Maven 5,192
npm 3,714
NuGet 661
pip 3,387
Pub 11
RubyGems 885
Rust 851
Swift 36

Unreviewed advisories

All unreviewed 235,597

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

174 advisories

Filter by severity

Sort by

Least recently updated

The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse... Moderate Unreviewed

CVE-2022-3433 was published Oct 11, 2022

An entity in Network Configuration Manager product is misconfigured and exposing password field... Moderate Unreviewed

CVE-2021-35226 was published Oct 11, 2022

In affected versions of Octopus Server it was identified that the same encryption process was... Moderate Unreviewed

CVE-2022-2781 was published Oct 6, 2022

WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An... Moderate Unreviewed

CVE-2022-29835 was published Sep 20, 2022

Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a Violation of Secure... Moderate Unreviewed

CVE-2022-30683 was published Sep 17, 2022

All versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric PLCs and XG5000 PLC programming... Moderate Unreviewed

CVE-2022-2758 was published Sep 1, 2022

In Couchbase Server 7.1.x before 7.1.1, an encrypted Private Key passphrase may be leaked in the... Moderate Unreviewed

CVE-2022-34826 was published Jul 16, 2022

A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0... Moderate Unreviewed

CVE-2022-32222 was published Jul 15, 2022

Background For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control... Moderate Unreviewed

CVE-2015-5361 was published May 24, 2022

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses weaker than expected cryptographic... Moderate Unreviewed

CVE-2019-4339 was published May 24, 2022

The Print Service is susceptible to man in the middle attacks due to improperly used crypto. This... Moderate Unreviewed

CVE-2019-9399 was published May 24, 2022

An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble... Moderate Unreviewed

CVE-2021-3789 was published May 24, 2022

In RIOT-OS 2021.01, nonce reuse in 802.15.4 encryption in the ieee820154_security component... Moderate Unreviewed

CVE-2021-41061 was published May 24, 2022

The user identification mechanism used by CyberArk Credential Provider prior to 12.1 is... Moderate Unreviewed

CVE-2021-31797 was published May 24, 2022

The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1... Moderate Unreviewed

CVE-2021-31798 was published May 24, 2022

Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such... Moderate Unreviewed

CVE-2021-39272 was published May 24, 2022

In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted... Moderate Unreviewed

CVE-2021-37546 was published May 24, 2022

In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment... Moderate Unreviewed

CVE-2021-37540 was published May 24, 2022

In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256. Moderate Unreviewed

CVE-2021-37551 was published May 24, 2022

In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data. Moderate Unreviewed

CVE-2021-37588 was published May 24, 2022

In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data. Moderate Unreviewed

CVE-2021-37587 was published May 24, 2022

A reordering issue exists in Telegram before 7.8.1 for Android, Telegram before 7.8.3 for iOS,... Moderate Unreviewed

CVE-2021-36769 was published May 24, 2022

IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could... Moderate Unreviewed

CVE-2021-20369 was published May 24, 2022

SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inadequate Encryption Strength... Moderate Unreviewed

CVE-2021-32496 was published May 24, 2022

Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2... Moderate Unreviewed

CVE-2021-31615 was published May 24, 2022

Previous 1 2 3 4 5 6 7 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

174 advisories