Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

25 advisories

Loading
Serverpod improved security for stored password hashes Moderate
CVE-2024-29886 was published for serverpod_auth_server (Pub) Mar 28, 2024
** UNSUPPPORTED WHEN ASSIGNED ** Vulnerability in ekorCCP and ekorRCI that could allow an... Moderate Unreviewed
CVE-2022-47557 was published Sep 19, 2023
Buttercup allows attackers to obtain the hash of the master password Moderate
CVE-2023-41646 was published for buttercup (npm) Sep 8, 2023
perry-mitchell
Password Shucking Vulnerability Moderate
CVE-2023-27580 was published for codeigniter4/shield (Composer) Mar 13, 2023
jreklund
AMI Megarac Weak password hashes for Redfish & API Moderate Unreviewed
CVE-2022-40258 was published Jan 31, 2023
The application was vulnerable to an authenticated information disclosure, allowing... Moderate Unreviewed
CVE-2022-40295 was published Nov 1, 2022
An access control issue in ICT Protege GX/WX 2.08 allows attackers to leak SHA1 password hashes... Moderate Unreviewed
CVE-2022-29731 was published Jun 3, 2022
Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA ... Moderate Unreviewed
CVE-2021-22741 was published May 24, 2022
The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress registered... Moderate Unreviewed
CVE-2021-38314 was published May 24, 2022
net-ldap has weak salt when generating passwords Moderate
CVE-2014-0083 was published for net-ldap (RubyGems) May 24, 2022
An attacker with physical access to Boston Scientific Zoom Latitude Model 3120 can remove the... Moderate Unreviewed
CVE-2021-38400 was published May 24, 2022
Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords... Moderate Unreviewed
CVE-2021-33003 was published May 24, 2022
Use of Password Hash With Insufficient Computational Effort in the database of Bosch FSM-2500... Moderate Unreviewed
CVE-2020-6780 was published May 24, 2022
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 stores administrative... Moderate Unreviewed
CVE-2020-27693 was published May 24, 2022
In EZCast Pro II, the administrator password md5 hash is provided upon a web request. This hash... Moderate Unreviewed
CVE-2019-12305 was published May 24, 2022
Reversible one-way hash in Intel(R) CSME versions before 11.8.76, 11.12.77 and 11.22.77 may allow... Moderate Unreviewed
CVE-2020-0533 was published May 24, 2022
MFScripts YetiShare v3.5.2 through v4.5.4 might allow an attacker to reset a password by using a... Moderate Unreviewed
CVE-2019-20062 was published May 24, 2022
UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a... Moderate Unreviewed
CVE-2019-12737 was published May 24, 2022
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for... Moderate Unreviewed
CVE-2017-11131 was published May 13, 2022
A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 ... Moderate Unreviewed
CVE-2022-24041 was published May 11, 2022
Use of Password Hash With Insufficient Computational Effort in Apache Derby Moderate
CVE-2009-4269 was published for org.apache.derby:derby (Maven) May 2, 2022
ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40... Moderate Unreviewed
CVE-2008-1526 was published May 1, 2022
PostgreSQL uses the username for a salt when generating passwords, which makes it easier for... Moderate Unreviewed
CVE-2002-1657 was published Apr 30, 2022
BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes. Moderate Unreviewed
CVE-2022-23348 was published Mar 22, 2022
Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software where the password... Moderate Unreviewed
CVE-2022-0022 was published Mar 10, 2022
ProTip! Advisories are also available from the GraphQL API