Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

64 advisories

Loading
Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows an attacker to... High Unreviewed
CVE-2024-23091 was published Jul 30, 2024
Bludit uses the SHA-1 hashing algorithm to compute password hashes. Thus, attackers could... Unknown Unreviewed
CVE-2024-24553 was published Jun 24, 2024
A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the... High Unreviewed
CVE-2024-3183 was published Jun 12, 2024
A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting... Low Unreviewed
CVE-2024-21754 was published Jun 11, 2024
A vulnerability classified as problematic was found in Musicshelf 1.0/1.1 on Android. Affected by... Low Unreviewed
CVE-2024-2365 was published Mar 11, 2024
The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay Portal 7.2.0 through 7.4.3... High Unreviewed
CVE-2024-25607 was published Feb 20, 2024
The Priva TopControl Suite contains predictable credentials for the SSH service, based on the... High Unreviewed
CVE-2022-3010 was published Jan 2, 2024
Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers... High Unreviewed
CVE-2023-5846 was published Nov 2, 2023
** UNSUPPPORTED WHEN ASSIGNED ** Vulnerability in ekorCCP and ekorRCI that could allow an... Moderate Unreviewed
CVE-2022-47557 was published Sep 19, 2023
A vulnerability classified as problematic was found in Supcon InPlant SCADA up to 20230901.... Low Unreviewed
CVE-2023-4986 was published Sep 15, 2023
The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashs. If an... High Unreviewed
CVE-2023-31412 was published Aug 24, 2023
PiiGAB M-Bus stores passwords using a weak hash algorithm. Critical Unreviewed
CVE-2023-34433 was published Jul 7, 2023
RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows... High Unreviewed
CVE-2023-33243 was published Jun 15, 2023
A use of password hash with insufficient computational effort vulnerability [CWE-916] in... High Unreviewed
CVE-2022-26115 was published Feb 16, 2023
AMI Megarac Weak password hashes for Redfish & API Moderate Unreviewed
CVE-2022-40258 was published Jan 31, 2023
In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can... High Unreviewed
CVE-2022-47732 was published Jan 20, 2023
In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), the... Critical Unreviewed
CVE-2020-12069 was published Dec 26, 2022
The application was vulnerable to an authenticated information disclosure, allowing... Moderate Unreviewed
CVE-2022-40295 was published Nov 1, 2022
An access control issue in ICT Protege GX/WX 2.08 allows attackers to leak SHA1 password hashes... Moderate Unreviewed
CVE-2022-29731 was published Jun 3, 2022
The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, Part No. 3060/00 versions 6... High Unreviewed
CVE-2021-32997 was published May 26, 2022
Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA ... Moderate Unreviewed
CVE-2021-22741 was published May 24, 2022
The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress registered... Moderate Unreviewed
CVE-2021-38314 was published May 24, 2022
In Digi RealPort through 4.8.488.0, authentication relies on a challenge-response mechanism that... Critical Unreviewed
CVE-2021-36767 was published May 24, 2022
The user and password data base is exposed by an unprotected web server resource. Passwords are... High Unreviewed
CVE-2021-23855 was published May 24, 2022
An attacker with physical access to Boston Scientific Zoom Latitude Model 3120 can remove the... Moderate Unreviewed
CVE-2021-38400 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API