GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
412 advisories
Filter by severity
Inadequate encryption may allow the credentials used by Emerson OpenEnterprise, up through...
Moderate
Unreviewed
CVE-2020-16235
was published
May 20, 2022
DES cipher, which has inadequate encryption strength, is used Hitachi Energy FOXMAN-UN to encrypt...
Moderate
Unreviewed
CVE-2021-40341
was published
Jan 6, 2023
The component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a...
Critical
Unreviewed
CVE-2021-42949
was published
Sep 17, 2022
The user and password data base is exposed by an unprotected web server resource. Passwords are...
High
Unreviewed
CVE-2021-23855
was published
May 24, 2022
Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software...
Moderate
Unreviewed
CVE-2015-8086
was published
May 17, 2022
Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software...
Moderate
Unreviewed
CVE-2015-8085
was published
May 17, 2022
This vulnerability allows remote attackers to disclose sensitive information on affected...
Moderate
Unreviewed
CVE-2020-10919
was published
May 24, 2022
An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue...
Moderate
Unreviewed
CVE-2016-4685
was published
May 17, 2022
IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information,...
Moderate
Unreviewed
CVE-2016-3034
was published
May 17, 2022
hitek.jar in Hitek Software's Automize uses weak encryption when encrypting SSH/SFTP and...
High
Unreviewed
CVE-2016-10102
was published
May 17, 2022
In Couchbase Server 7.1.x before 7.1.1, an encrypted Private Key passphrase may be leaked in the...
Moderate
Unreviewed
CVE-2022-34826
was published
Jul 16, 2022
On the TP-Link TL-SG108E 1.0, admin network communications are RC4 encoded, even though RC4 is...
Critical
Unreviewed
CVE-2017-8076
was published
May 17, 2022
IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a...
High
Unreviewed
CVE-2016-2879
was published
May 17, 2022
OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex digits for a PSK.
High
Unreviewed
CVE-2016-5056
was published
May 17, 2022
An issue was discovered in sysPass 2.x before 2.1, in which an algorithm was never sufficiently...
High
Unreviewed
CVE-2017-5999
was published
May 17, 2022
IBM Security Verify Identity Manager 10.0 uses weaker than expected cryptographic algorithms that...
High
Unreviewed
CVE-2022-22453
was published
Jul 15, 2022
Due to a lack of standard encryption when transmitting sensitive information over the internet to...
High
Unreviewed
CVE-2017-5239
was published
May 17, 2022
The Mxit protocol uses weak encryption when encrypting user passwords, which might allow...
High
Unreviewed
CVE-2016-2379
was published
May 17, 2022
Information Disclosure can occur in sshProfiles.jsd in Hitek Software's Automize because of the...
Moderate
Unreviewed
CVE-2016-10104
was published
May 17, 2022
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue...
High
Unreviewed
CVE-2017-2380
was published
May 17, 2022
A Weak Password Requirements issue was discovered in Rockwell Automation Allen-Bradley MicroLogix...
Critical
Unreviewed
CVE-2017-7903
was published
May 17, 2022
PGP/MIME encrypted messages injected into a Vaultive O365 (before 4.5.21) frontend via IMAP or...
Critical
Unreviewed
CVE-2017-7229
was published
May 17, 2022
IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure...
High
Unreviewed
CVE-2017-1319
was published
May 17, 2022
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than...
High
Unreviewed
CVE-2022-22464
was published
Jul 9, 2022
IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that...
Moderate
Unreviewed
CVE-2017-1179
was published
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API