Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

412 advisories

Loading
The leakage of channel access token in F.B.P members Line 13.6.1 allows remote attackers to send... Moderate Unreviewed
CVE-2023-47363 was published Nov 9, 2023
The leakage of channel access token in Lil.OFF-PRICE STORE Line 13.6.1 allows remote attackers to... Moderate Unreviewed
CVE-2023-47365 was published Nov 9, 2023
esptool allows attackers to view sensitive information via weak cryptographic algorithm High
CVE-2023-46894 was published for esptool (pip) Nov 9, 2023
HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when... Unknown Unreviewed
CVE-2023-2197 was published Jul 6, 2023
Dgraph Audit Log Encryption Vulnerability Moderate
CVE-2023-31135 was published for github.com/dgraph-io/dgraph (Go) May 17, 2023
HakuPiku joshua-goldstein
skrdgraph
mycli has Inadequate Encryption Strength Moderate
CVE-2023-44690 was published for mycli (pip) Oct 20, 2023
Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by... Critical Unreviewed
CVE-2022-45141 was published Mar 7, 2023
Inadequate Encryption Strength in python-keystoneclient Critical
CVE-2013-2166 was published for python-keystoneclient (pip) Oct 12, 2021
Python Keyring does not securely initialize encryption cipher Low
CVE-2012-4571 was published for keyring (pip) May 17, 2022
Zabbix before 5.0 represents passwords in the users table with unsalted MD5. Moderate Unreviewed
CVE-2013-7484 was published May 5, 2022
A reordering issue exists in Telegram before 7.8.1 for Android, Telegram before 7.8.3 for iOS,... Moderate Unreviewed
CVE-2021-36769 was published May 24, 2022
The user identification mechanism used by CyberArk Credential Provider prior to 12.1 is... Moderate Unreviewed
CVE-2021-31797 was published May 24, 2022
The fingerprint module has a security risk of brute force cracking. Successful exploitation of... Moderate Unreviewed
CVE-2021-40006 was published Jan 11, 2022
Certain NETGEAR devices are affected by weak cryptography. This affects D7000v2 before 1.0.0.62,... Critical Unreviewed
CVE-2021-45512 was published Dec 27, 2021
In NetBSD through 9.2, the IPv6 fragment ID generation algorithm employs a weak cryptographic PRNG. High Unreviewed
CVE-2021-45484 was published Dec 26, 2021
In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment... Moderate Unreviewed
CVE-2021-37540 was published May 24, 2022
In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data. Moderate Unreviewed
CVE-2021-37588 was published May 24, 2022
In JetBrains WebStorm before 2021.1, HTTP requests were used instead of HTTPS. High Unreviewed
CVE-2021-31898 was published May 24, 2022
usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism. High Unreviewed
CVE-2021-27885 was published May 24, 2022
An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the insecure rand() function... Moderate Unreviewed
CVE-2021-23126 was published May 24, 2022
An entity in Network Configuration Manager product is misconfigured and exposing password field... Moderate Unreviewed
CVE-2021-35226 was published Oct 11, 2022
A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0... Moderate Unreviewed
CVE-2022-32222 was published Jul 15, 2022
Dolibarr ERP and CRM Insecure Encryption Critical
CVE-2017-7888 was published for dolibarr/dolibarr (Composer) May 17, 2022
An unauthorized user with network access and the decryption key could decrypt sensitive data,... High Unreviewed
CVE-2022-38469 was published Jan 18, 2023
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a Violation of Secure... Moderate Unreviewed
CVE-2022-30683 was published Sep 17, 2022
ProTip! Advisories are also available from the GraphQL API