GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
412 advisories
Filter by severity
The leakage of channel access token in F.B.P members Line 13.6.1 allows remote attackers to send...
Moderate
Unreviewed
CVE-2023-47363
was published
Nov 9, 2023
The leakage of channel access token in Lil.OFF-PRICE STORE Line 13.6.1 allows remote attackers to...
Moderate
Unreviewed
CVE-2023-47365
was published
Nov 9, 2023
esptool allows attackers to view sensitive information via weak cryptographic algorithm
High
CVE-2023-46894
was published
for
esptool
(pip)
Nov 9, 2023
HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when...
Unknown
Unreviewed
CVE-2023-2197
was published
Jul 6, 2023
Dgraph Audit Log Encryption Vulnerability
Moderate
CVE-2023-31135
was published
for
github.com/dgraph-io/dgraph
(Go)
May 17, 2023
mycli has Inadequate Encryption Strength
Moderate
CVE-2023-44690
was published
for
mycli
(pip)
Oct 20, 2023
Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by...
Critical
Unreviewed
CVE-2022-45141
was published
Mar 7, 2023
Inadequate Encryption Strength in python-keystoneclient
Critical
CVE-2013-2166
was published
for
python-keystoneclient
(pip)
Oct 12, 2021
Python Keyring does not securely initialize encryption cipher
Low
CVE-2012-4571
was published
for
keyring
(pip)
May 17, 2022
Zabbix before 5.0 represents passwords in the users table with unsalted MD5.
Moderate
Unreviewed
CVE-2013-7484
was published
May 5, 2022
A reordering issue exists in Telegram before 7.8.1 for Android, Telegram before 7.8.3 for iOS,...
Moderate
Unreviewed
CVE-2021-36769
was published
May 24, 2022
The user identification mechanism used by CyberArk Credential Provider prior to 12.1 is...
Moderate
Unreviewed
CVE-2021-31797
was published
May 24, 2022
The fingerprint module has a security risk of brute force cracking. Successful exploitation of...
Moderate
Unreviewed
CVE-2021-40006
was published
Jan 11, 2022
Certain NETGEAR devices are affected by weak cryptography. This affects D7000v2 before 1.0.0.62,...
Critical
Unreviewed
CVE-2021-45512
was published
Dec 27, 2021
In NetBSD through 9.2, the IPv6 fragment ID generation algorithm employs a weak cryptographic PRNG.
High
Unreviewed
CVE-2021-45484
was published
Dec 26, 2021
In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment...
Moderate
Unreviewed
CVE-2021-37540
was published
May 24, 2022
In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data.
Moderate
Unreviewed
CVE-2021-37588
was published
May 24, 2022
In JetBrains WebStorm before 2021.1, HTTP requests were used instead of HTTPS.
High
Unreviewed
CVE-2021-31898
was published
May 24, 2022
usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism.
High
Unreviewed
CVE-2021-27885
was published
May 24, 2022
An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the insecure rand() function...
Moderate
Unreviewed
CVE-2021-23126
was published
May 24, 2022
An entity in Network Configuration Manager product is misconfigured and exposing password field...
Moderate
Unreviewed
CVE-2021-35226
was published
Oct 11, 2022
A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0...
Moderate
Unreviewed
CVE-2022-32222
was published
Jul 15, 2022
Dolibarr ERP and CRM Insecure Encryption
Critical
CVE-2017-7888
was published
for
dolibarr/dolibarr
(Composer)
May 17, 2022
An unauthorized user with network access and the decryption key could decrypt sensitive data,...
High
Unreviewed
CVE-2022-38469
was published
Jan 18, 2023
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a Violation of Secure...
Moderate
Unreviewed
CVE-2022-30683
was published
Sep 17, 2022
ProTip!
Advisories are also available from the
GraphQL API