Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,634
NuGet
638
pip
3,250
Pub
10
RubyGems
867
Rust
819
Swift
35
Unreviewed advisories
All unreviewed
5,000+

41 advisories

Loading
Unauthenticated Remote Code Execution in Apache JMeter Critical
CVE-2019-0187 was published for org.apache.jmeter:ApacheJMeter (Maven) Mar 7, 2019
Insecure Cryptography Algorithm in parsel Critical
GHSA-wqgx-4q47-j2w5 was published for parsel (npm) Sep 4, 2020
Algorithms compute incorrect results in blake2 Critical
CVE-2019-16143 was published for blake2 (Rust) Aug 25, 2021
A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via VerificationController.php. Critical Unreviewed
CVE-2021-42216 was published Dec 16, 2021
Incorrect hash in sha2 Critical
CVE-2021-45696 was published for sha2 (Rust) Jan 6, 2022
The SSL/TLS configuration of Fresenius Kabi Agilia Link + version 3.0 has serious deficiencies... Critical Unreviewed
CVE-2021-31562 was published Jan 22, 2022
Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptographic algorithms. A remote... Critical Unreviewed
CVE-2022-26854 was published Apr 9, 2022
An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Passwords are stored using... Critical Unreviewed
CVE-2019-5723 was published May 13, 2022
Nablarch Incomplete Cryptography Critical
CVE-2019-5919 was published for com.nablarch.framework:nablarch-fw-web (Maven) May 13, 2022
chupaaaaaaan
Amazon Ring Doorbell before 3.4.7 mishandles encryption, which allows attackers to obtain audio... Critical Unreviewed
CVE-2019-9483 was published May 13, 2022
VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server... Critical Unreviewed
CVE-2017-4917 was published May 13, 2022
** DISPUTED ** An issue was discovered in SMA Solar Technology products. The inverters make use... Critical Unreviewed
CVE-2017-9859 was published May 13, 2022
ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which... Critical Unreviewed
CVE-2016-6602 was published May 14, 2022
An issue was discovered in Valve Steam Link build 643. Root passwords longer than 8 characters... Critical Unreviewed
CVE-2017-17878 was published May 14, 2022
Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded... Critical Unreviewed
CVE-2017-17717 was published May 14, 2022
Use of a Broken or Risky Cryptographic Algorithm in Apache Hadoop Critical
CVE-2012-4449 was published for org.apache.hadoop:hadoop-client (Maven) May 17, 2022
In all Qualcomm products with Android releases from CAF using the Linux kernel, the GPS client... Critical Unreviewed
CVE-2014-9969 was published May 17, 2022
The executable httpd on the TP-Link WR841N V8 router before TL-WR841N(UN)_V8_170210 contained a... Critical Unreviewed
CVE-2017-9466 was published May 17, 2022
Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute... Critical Unreviewed
CVE-2014-8687 was published May 17, 2022
An exploitable information disclosure vulnerability exists in the Weave PASE pairing... Critical Unreviewed
CVE-2019-5035 was published May 24, 2022
Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected,... Critical Unreviewed
CVE-2020-14517 was published May 24, 2022
A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification... Critical Unreviewed
CVE-2021-20305 was published May 24, 2022
Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in homeLYnk (Wiser For KNX)... Critical Unreviewed
CVE-2021-22738 was published May 24, 2022
In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call... Critical Unreviewed
CVE-2019-25052 was published May 24, 2022
Amazon AWS CloudFront TLSv1.2_2019 allows TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and... Critical Unreviewed
CVE-2020-36363 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database