Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,634
NuGet
638
pip
3,250
Pub
10
RubyGems
867
Rust
819
Swift
35
Unreviewed advisories
All unreviewed
5,000+

175 advisories

Loading
HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cryptographic Algorithm. High Unreviewed
CVE-2022-37177 was published Aug 30, 2022
LTI 1.3 Tool Library's Nonce Claim Value not validated against nonce value sent in Authentication Request before v5.0 High
CVE-2022-31158 was published for packbackbooks/lti-1-3-php-library (Composer) Jul 15, 2022
LTI 1.3 Tool Library's function used to generate random nonces not sufficiently cryptographically complex before v5.0 High
CVE-2022-31157 was published for packbackbooks/lti-1-3-php-library (Composer) Jul 15, 2022
On Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 devices, the RPC endpoint crtc_fw_upgrade... High Unreviewed
CVE-2022-28370 was published Jul 15, 2022
AES OCB fails to encrypt some bytes High
CVE-2022-2097 was published for openssl-src (Rust) Jul 6, 2022
another-rex
A potential security vulnerability has been identified in HPE StoreOnce Software. The SSH server... High Unreviewed
CVE-2022-28622 was published Jun 28, 2022
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD... High Unreviewed
CVE-2022-24296 was published Jun 9, 2022
Reversible One-Way Hash in io.github.javaezlib:JavaEZ High
CVE-2022-29249 was published for io.github.javaezlib:JavaEZ (Maven) May 25, 2022
A flaw was found in 3scale’s APIcast gateway that enabled the TLS 1.0 protocol. An attacker could... High Unreviewed
CVE-2019-14852 was published May 24, 2022
A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V16), SICAM A8000 CP... High Unreviewed
CVE-2020-28396 was published May 24, 2022
Key confusion through non-blocklisted public key formats High
CVE-2022-29217 was published for pyjwt (pip) May 24, 2022
aapooksman
IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 uses weaker than... High Unreviewed
CVE-2021-29894 was published May 24, 2022
Vulnerability in the generation of session IDs in revive-adserver < 5.3.0, based on the... High Unreviewed
CVE-2021-22948 was published May 24, 2022
IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow... High Unreviewed
CVE-2021-29750 was published May 24, 2022
Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute... High Unreviewed
CVE-2021-33582 was published May 24, 2022
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected... High Unreviewed
CVE-2021-29722 was published May 24, 2022
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected... High Unreviewed
CVE-2021-29723 was published May 24, 2022
IBM Security SOAR uses weaker than expected cryptographic algorithms that could allow an attacker... High Unreviewed
CVE-2021-29704 was published May 24, 2022
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported... High Unreviewed
CVE-2021-2351 was published May 24, 2022
The combination of various cryptographic issues in the session management of FortiMail 6.4.0... High Unreviewed
CVE-2021-26095 was published May 24, 2022
IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that... High Unreviewed
CVE-2021-20497 was published May 24, 2022
IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 uses weaker than expected cryptographic... High Unreviewed
CVE-2021-20379 was published May 24, 2022
IBM Resilient SOAR V38.0 uses weaker than expected cryptographic algorithms that could allow an... High Unreviewed
CVE-2021-20566 was published May 24, 2022
ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 allows ntpkeygen to generate... High Unreviewed
CVE-2021-22212 was published May 24, 2022
An insufficiently protected credentials issue was discovered in Intland codeBeamer ALM 10.x... High Unreviewed
CVE-2020-26515 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database