GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,634
NuGet
638
pip
3,250
Pub
10
RubyGems
867
Rust
819
Swift
35
Unreviewed advisories
All unreviewed
5,000+
76 advisories
Filter by severity
Elixir can leak information due to weak use of crypto
High
CVE-2012-2146
was published
for
Elixir
(pip)
May 17, 2022
Silver vulnerable to MitM attack against implants due to a cryptography vulnerability
High
CVE-2023-34758
was published
for
github.com/bishopfox/sliver
(Go)
Jun 21, 2023
Use of a Broken or Risky Cryptographic Algorithm in Terraform
High
CVE-2019-19316
was published
for
github.com/hashicorp/terraform
(Go)
May 18, 2021
Security issues in AWS KMS and AWS Encryption SDKs: in-band protocol negotiation and robustness
High
CVE-2020-8897
was published
for
aws-encryption-sdk
(Maven)
Oct 12, 2021
python-jose algorithm confusion with OpenSSH ECDSA keys
High
CVE-2024-33663
was published
for
python-jose
(pip)
Apr 26, 2024
Kwik does not discard unused encryption keys
Moderate
CVE-2024-22588
was published
for
tech.kwik:kwik
(Maven)
May 24, 2024
Authlib has algorithm confusion with asymmetric public keys
High
CVE-2024-37568
was published
for
authlib
(pip)
Jun 9, 2024
Gorush uses deprecated TLS versions
Moderate
CVE-2024-41270
was published
for
github.com/appleboy/gorush
(Go)
Aug 6, 2024
Beego privilege escalation vulnerability
High
CVE-2024-40465
was published
for
github.com/beego/beego/v2
(Go)
Jul 31, 2024
AES OCB fails to encrypt some bytes
High
CVE-2022-2097
was published
for
openssl-src
(Rust)
Jul 6, 2022
jsonwebtoken unrestricted key type could lead to legacy keys usage
High
CVE-2022-23539
was published
for
jsonwebtoken
(npm)
Dec 22, 2022
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()
Moderate
CVE-2022-23540
was published
for
jsonwebtoken
(npm)
Dec 22, 2022
ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache
Critical
CVE-2024-31989
was published
for
github.com/argoproj/argo-cd
(Go)
May 21, 2024
github.com/bincyber/go-sqlcrypter vulnerable to IV collision
Low
GHSA-2j6r-9vv4-6gf5
was published
for
github.com/bincyber/go-sqlcrypter
(Go)
May 20, 2024
Collision of hash values in github.com/bnb-chain/tss-lib
Critical
CVE-2022-47931
was published
for
github.com/bnb-chain/tss-lib
(Go)
Dec 23, 2022
CBC padding oracle issue in AWS S3 Crypto SDK for golang
Moderate
CVE-2020-8911
was published
for
github.com/aws/aws-sdk-go
(Go)
Feb 11, 2022
In-band key negotiation issue in AWS S3 Crypto SDK for golang
Low
CVE-2020-8912
was published
for
github.com/aws/aws-sdk-go
(Go)
Feb 11, 2022
fuel/core Crypt encryption compromised.
Moderate
GHSA-fgrx-4637-fcf5
was published
for
fuel/core
(Composer)
May 15, 2024
asymmetricrypt/asymmetricrypt Padding Oracle Vulnerability in RSA Encryption
Moderate
GHSA-87mp-xc4x-x8rh
was published
for
asymmetricrypt/asymmetricrypt
(Composer)
May 15, 2024
PHP Censor uses a weak hashing algorithm for the remember me key
Moderate
CVE-2024-34914
was published
for
php-censor/php-censor
(Composer)
May 14, 2024
Withdrawn: JJWT improperly generates signing keys
Moderate
CVE-2024-31033
was published
for
io.jsonwebtoken:jjwt-impl
(Maven)
Apr 1, 2024
•
withdrawn
Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm.
High
CVE-2023-51838
was published
for
meshcentral
(npm)
Feb 2, 2024
Magento 2 Community Edition Cryptographic Flaw
High
CVE-2019-7858
was published
for
magento/community-edition
(Composer)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API