GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
21 advisories
Filter by severity
rdiffweb does not have a rate limit on incorrect password attempts to prevent brute force attacks
High
CVE-2022-3273
was published
for
rdiffweb
(pip)
Oct 6, 2022
Pycrypto generates weak key parameters
High
CVE-2018-6594
was published
for
pycrypto
(pip)
Jul 12, 2018
Python Keyring does not securely initialize encryption cipher
High
CVE-2012-4571
was published
for
keyring
(pip)
May 17, 2022
Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability
High
CVE-2024-39928
was published
for
org.apache.linkis:linkis-engineplugin-spark
(Maven)
Sep 25, 2024
Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers
High
CVE-2024-23656
was published
for
github.com/dexidp/dex
(Go)
Jan 26, 2024
AES OCB fails to encrypt some bytes
High
CVE-2022-2097
was published
for
openssl-src
(Rust)
Jul 6, 2022
Cilium has insecure IPsec transport encryption
High
CVE-2024-28860
was published
for
github.com/cilium/cilium
(Go)
Mar 28, 2024
Whole-script approval in Jenkins Script Security Plugin vulnerable to SHA-1 collisions
High
CVE-2022-45379
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
Nov 16, 2022
esptool allows attackers to view sensitive information via weak cryptographic algorithm
High
CVE-2023-46894
was published
for
esptool
(pip)
Nov 9, 2023
Reversible One-Way Hash in io.github.javaezlib:JavaEZ
High
CVE-2022-29249
was published
for
io.github.javaezlib:JavaEZ
(Maven)
May 25, 2022
Use of Hard-coded Credentials in Apache Kylin
High
CVE-2021-45458
was published
for
org.apache.kylin:kylin
(Maven)
Jan 8, 2022
Weak Cryptography in PHP-Proxy
High
CVE-2018-19784
was published
for
athlon1600/php-proxy
(Composer)
May 13, 2022
OpenSSL gem for Ruby using inadequate encryption strength
High
CVE-2016-7798
was published
for
openssl
(RubyGems)
Oct 24, 2017
Play Framework Inadequate Encryption Strength vulnerability
High
CVE-2019-17598
was published
for
com.typesafe.play:play-ws_2.12
(Maven)
May 24, 2022
Inadequate Encryption Strength in DotNetNuke
High
CVE-2018-15811
was published
for
DotNetNuke.Core
(NuGet)
Jul 5, 2019
Inadequate Encryption Strength in DotNetNuke
High
CVE-2018-18325
was published
for
DotNetNuke.Core
(NuGet)
Jul 5, 2019
Blink1Control2 uses weak password encryption
High
CVE-2022-35513
was published
for
Blink1Control2
(npm)
Sep 8, 2022
In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode
High
CVE-2016-1000352
was published
for
org.bouncycastle:bcprov-jdk14
(Maven)
Oct 17, 2018
ProTip!
Advisories are also available from the
GraphQL API