Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

171 advisories

Loading
The NPort IA5000A Series devices use Telnet as one of the network device management services.... Moderate Unreviewed
CVE-2020-27184 was published May 24, 2022
Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2... Moderate Unreviewed
CVE-2021-31615 was published May 24, 2022
In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data. Moderate Unreviewed
CVE-2021-37587 was published May 24, 2022
In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256. Moderate Unreviewed
CVE-2021-37551 was published May 24, 2022
All versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric PLCs and XG5000 PLC programming... Moderate Unreviewed
CVE-2022-2758 was published Sep 1, 2022
In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted... Moderate Unreviewed
CVE-2021-37546 was published May 24, 2022
The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1... Moderate Unreviewed
CVE-2021-31798 was published May 24, 2022
In RIOT-OS 2021.01, nonce reuse in 802.15.4 encryption in the ieee820154_security component... Moderate Unreviewed
CVE-2021-41061 was published May 24, 2022
SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses encryption method... Moderate Unreviewed
CVE-2022-41209 was published Oct 12, 2022
An issue was discovered in certain Apple products. Pages before 6.1, Numbers before 4.1, and... Moderate Unreviewed
CVE-2017-2391 was published May 17, 2022
IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that... Moderate Unreviewed
CVE-2017-1179 was published May 17, 2022
Information Disclosure can occur in sshProfiles.jsd in Hitek Software's Automize because of the... Moderate Unreviewed
CVE-2016-10104 was published May 17, 2022
In Couchbase Server 7.1.x before 7.1.1, an encrypted Private Key passphrase may be leaked in the... Moderate Unreviewed
CVE-2022-34826 was published Jul 16, 2022
IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information,... Moderate Unreviewed
CVE-2016-3034 was published May 17, 2022
An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue... Moderate Unreviewed
CVE-2016-4685 was published May 17, 2022
This vulnerability allows remote attackers to disclose sensitive information on affected... Moderate Unreviewed
CVE-2020-10919 was published May 24, 2022
Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software... Moderate Unreviewed
CVE-2015-8085 was published May 17, 2022
Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software... Moderate Unreviewed
CVE-2015-8086 was published May 17, 2022
DES cipher, which has inadequate encryption strength, is used Hitachi Energy FOXMAN-UN to encrypt... Moderate Unreviewed
CVE-2021-40341 was published Jan 6, 2023
Inadequate encryption may allow the credentials used by Emerson OpenEnterprise, up through... Moderate Unreviewed
CVE-2020-16235 was published May 20, 2022
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses weaker than expected cryptographic... Moderate Unreviewed
CVE-2019-4339 was published May 24, 2022
In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values... Moderate Unreviewed
CVE-2019-10638 was published May 24, 2022
In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Upon a crash, it... Moderate Unreviewed
CVE-2019-15947 was published May 24, 2022
In Enigmail below 2.1, an attacker in possession of PGP encrypted emails can wrap them as sub... Moderate Unreviewed
CVE-2019-14664 was published May 24, 2022
The Infinite Design application 3.4.12 for Android sends a username and password via TCP without... Moderate Unreviewed
CVE-2019-17356 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API