Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,344
Erlang
31
GitHub Actions
22
Go
2,109
Maven
5,000+
npm
3,764
NuGet
680
pip
3,453
Pub
12
RubyGems
892
Rust
887
Swift
37
Unreviewed advisories
All unreviewed
5,000+

436 advisories

Loading
Inadequate Encryption Strength and Algorithm Downgrade in Wildfly Moderate Unreviewed
CVE-2019-14887 was published Feb 15, 2022
IBM Maximo Anywhere 7.6.4.0 could allow an attacker to reverse engineer the application due to... Moderate Unreviewed
CVE-2019-4291 was published Feb 17, 2022
A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517,... High Unreviewed
CVE-2021-26726 was published Feb 17, 2022
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C... Moderate Unreviewed
CVE-2022-21800 was published Feb 19, 2022
The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may... High Unreviewed
CVE-2020-14481 was published Feb 25, 2022
Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4... High Unreviewed
CVE-2020-10636 was published Feb 25, 2022
Argus Surveillance DVR v4.0 employs weak password encryption. Moderate Unreviewed
CVE-2022-25012 was published Mar 3, 2022
A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions < V5.6.0), RUGGEDCOM ROS... Moderate Unreviewed
CVE-2021-37209 was published Mar 9, 2022
Discoverability of user password hash in Statamic CMS Low
CVE-2022-24784 was published for statamic/cms (Composer) Mar 29, 2022
An attacker could decipher the encryption and gain access to MDT AutoSave versions prior to v6.02... High Unreviewed
CVE-2021-32945 was published Apr 3, 2022
An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker who... High Unreviewed
CVE-2021-45104 was published Apr 7, 2022
The Download Manager WordPress plugin before 3.2.39 uses the uniqid php function to generate the... High Unreviewed
CVE-2022-0828 was published Apr 12, 2022
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository gnuboard... High Unreviewed
CVE-2022-1252 was published Apr 12, 2022
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco... High Unreviewed
CVE-2022-20677 was published Apr 16, 2022
Hills ComNav version 3002-19 suffers from a weak communication channel. Traffic across the local... Moderate Unreviewed
CVE-2022-1318 was published Apr 21, 2022
TYPO3 is vulnerable to insecure randomness during hash generation in forgot password function Moderate
CVE-2010-3670 was published for typo3/cms-frontend (Composer) Apr 21, 2022
The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always... Critical Unreviewed
CVE-2011-4121 was published Apr 22, 2022
A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak... High Unreviewed
CVE-2012-2130 was published Apr 23, 2022
EarlyImpact ProductCart uses a weak encryption scheme to encrypt passwords, which allows remote... Moderate Unreviewed
CVE-2004-2172 was published Apr 29, 2022
Pathways Homecare 6.5 uses weak encryption for user names and passwords, which allows local users... Moderate Unreviewed
CVE-2001-1546 was published Apr 30, 2022
NewsReactor 1.0 uses a weak encryption scheme, which could allow local users to decrypt the... Low Unreviewed
CVE-2002-1682 was published Apr 30, 2022
Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak encryption algorithm that... Moderate Unreviewed
CVE-2002-1697 was published Apr 30, 2022
Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption algorithm to store user... Low Unreviewed
CVE-2002-1739 was published Apr 30, 2022
Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password... Moderate Unreviewed
CVE-2002-1872 was published Apr 30, 2022
Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak encryption for passwords ... Moderate Unreviewed
CVE-2002-1910 was published Apr 30, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database