Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

412 advisories

Loading
Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers High
CVE-2024-23656 was published for github.com/dexidp/dex (Go) Jan 26, 2024
tuminoid
Lantronix XPort sends weakly encoded credentials within web request headers. Moderate Unreviewed
CVE-2023-7237 was published Jan 24, 2024
Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability Moderate Unreviewed
CVE-2024-20692 was published Jan 9, 2024
Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allows attackers to create a... Moderate Unreviewed
CVE-2023-26943 was published Dec 5, 2023
Weak encryption mechanisms in RFID Tags in Yale IA-210 Alarm v1.0 allows attackers to create a... Moderate Unreviewed
CVE-2023-26942 was published Dec 5, 2023
Weak encryption mechanisms in RFID Tags in Yale Conexis L1 v1.1.0 allows attackers to create a... Moderate Unreviewed
CVE-2023-26941 was published Dec 5, 2023
Access to critical Unified Diagnostics Services (UDS) of the Modular Infotainment Platform 3 ... Low Unreviewed
CVE-2023-28896 was published Dec 1, 2023
An issue discovered in Acer Wireless Keyboard SK-9662 allows attacker in physical proximity to... Moderate Unreviewed
CVE-2023-48034 was published Nov 27, 2023
upydev has weak encryption padding High
CVE-2023-48051 was published for upydev (pip) Nov 21, 2023
Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and... Moderate Unreviewed
CVE-2023-43757 was published Nov 16, 2023
esptool allows attackers to view sensitive information via weak cryptographic algorithm High
CVE-2023-46894 was published for esptool (pip) Nov 9, 2023
The leakage of channel access token in taketorinoyu Line 13.6.1 allows remote attackers to send... Moderate Unreviewed
CVE-2023-47368 was published Nov 9, 2023
The leakage of channel access token in craft_members Line 13.6.1 allows remote attackers to send... Moderate Unreviewed
CVE-2023-47366 was published Nov 9, 2023
The leakage of channel access token in DRAGON FAMILY Line 13.6.1 allows remote attackers to send... Moderate Unreviewed
CVE-2023-47373 was published Nov 9, 2023
The leakage of channel access token in platinum clinic Line 13.6.1 allows remote attackers to... Moderate Unreviewed
CVE-2023-47367 was published Nov 9, 2023
The leakage of channel access token in best_training_member Line 13.6.1 allows remote attackers... Moderate Unreviewed
CVE-2023-47369 was published Nov 9, 2023
The leakage of channel access token in bluetrick Line 13.6.1 allows remote attackers to send... Moderate Unreviewed
CVE-2023-47370 was published Nov 9, 2023
The leakage of channel access token in UPDATESALON C-LOUNGE Line 13.6.1 allows remote attackers... Moderate Unreviewed
CVE-2023-47372 was published Nov 9, 2023
The leakage of channel access token in Lil.OFF-PRICE STORE Line 13.6.1 allows remote attackers to... Moderate Unreviewed
CVE-2023-47365 was published Nov 9, 2023
The leakage of channel access token in F.B.P members Line 13.6.1 allows remote attackers to send... Moderate Unreviewed
CVE-2023-47363 was published Nov 9, 2023
The leakage of channel access token in nagaoka taxi Line 13.6.1 allows remote attackers to send... Moderate Unreviewed
CVE-2023-47364 was published Nov 9, 2023
Weak ciphers in Softing smartLink SW-HT before 1.30 are enabled during secure communication (SSL). Moderate Unreviewed
CVE-2022-48193 was published Nov 6, 2023
mycli has Inadequate Encryption Strength Moderate
CVE-2023-44690 was published for mycli (pip) Oct 20, 2023
An issue discovered in IXP Data EasyInstall 6.6.14907.0 allows attackers to gain escalated... High Unreviewed
CVE-2023-30132 was published Oct 19, 2023
Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure... Moderate Unreviewed
CVE-2023-43776 was published Oct 17, 2023
ProTip! Advisories are also available from the GraphQL API