GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
178 advisories
Filter by severity
IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected...
High
Unreviewed
CVE-2016-5919
was published
May 13, 2022
lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier...
High
Unreviewed
CVE-2013-4508
was published
May 13, 2022
Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity...
High
Unreviewed
CVE-2018-9028
was published
May 13, 2022
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict...
High
Unreviewed
CVE-2014-0224
was published
May 13, 2022
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected...
High
Unreviewed
CVE-2018-1545
was published
May 13, 2022
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected...
High
Unreviewed
CVE-2018-1785
was published
May 13, 2022
Inadequate Encryption Strength in DotNetNuke
High
CVE-2018-15811
was published
for
DotNetNuke.Core
(NuGet)
Jul 5, 2019
Inadequate Encryption Strength in DotNetNuke
High
CVE-2018-18325
was published
for
DotNetNuke.Core
(NuGet)
Jul 5, 2019
Weak web transport security (Weak TLS): An attacker may be able to decrypt the data using attacks
High
Unreviewed
CVE-2021-27761
was published
May 7, 2022
rdiffweb does not have a rate limit on incorrect password attempts to prevent brute force attacks
High
CVE-2022-3273
was published
for
rdiffweb
(pip)
Oct 6, 2022
Inadequate Encryption Strength vulnerability in TLS stack of Secomea SiteManager, LinkManager,...
High
Unreviewed
CVE-2021-32010
was published
May 5, 2022
IBM Spectrum Scale 5.1.0 through 5.1.3.0 uses weaker than expected cryptographic algorithms that...
High
Unreviewed
CVE-2022-22368
was published
May 4, 2022
In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is...
High
Unreviewed
CVE-2022-38659
was published
Dec 19, 2022
D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength.
High
Unreviewed
CVE-2020-13785
was published
May 24, 2022
IBM Curam Social Program Management 7.0.9 and 7.0.10 uses MD5 algorithm for hashing token in a...
High
Unreviewed
CVE-2020-4778
was published
May 24, 2022
IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic...
High
Unreviewed
CVE-2021-38891
was published
May 24, 2022
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic...
High
Unreviewed
CVE-2021-38983
was published
May 24, 2022
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic...
High
Unreviewed
CVE-2021-38984
was published
May 24, 2022
A vulnerability in Trend Micro Apex One and Apex One as a Service could allow an attacker to...
High
Unreviewed
CVE-2022-40141
was published
Sep 20, 2022
Blink1Control2 uses weak password encryption
High
CVE-2022-35513
was published
for
Blink1Control2
(npm)
Sep 8, 2022
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have inadequate encryption...
High
Unreviewed
CVE-2021-38464
was published
May 24, 2022
IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could...
High
Unreviewed
CVE-2021-38862
was published
May 24, 2022
IBM Sterling B2B Integrator Standard Edition 5.2.0. 0 through 6.1.1.0 uses weaker than expected...
High
Unreviewed
CVE-2021-38925
was published
May 24, 2022
In SapphireIMS 4097_1, the password in the database is stored in Base64 format.
High
Unreviewed
CVE-2017-16632
was published
May 24, 2022
IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could...
High
Unreviewed
CVE-2021-20360
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API