Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

184 advisories

Loading
In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode High
CVE-2016-1000352 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker... High Unreviewed
CVE-2021-37188 was published Dec 11, 2021
Assuming a database breach, nonce reuse issues in GitLab 11.6+ allows an attacker to decrypt some... High Unreviewed
CVE-2021-22170 was published Dec 7, 2021
An attacker could decipher the encryption and gain access to MDT AutoSave versions prior to v6.02... High Unreviewed
CVE-2021-32945 was published Apr 3, 2022
An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker who... High Unreviewed
CVE-2021-45104 was published Apr 7, 2022
Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient protections for the UART... High Unreviewed
CVE-2021-20161 was published Dec 31, 2021
IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expected cryptographic... High Unreviewed
CVE-2021-29694 was published May 24, 2022
Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks. High Unreviewed
CVE-2021-28213 was published May 24, 2022
IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow... High Unreviewed
CVE-2020-4965 was published May 24, 2022
IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 uses an insecure SSH server configuration which... High Unreviewed
CVE-2021-29794 was published May 24, 2022
An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may... High Unreviewed
CVE-2021-31796 was published May 24, 2022
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the application's build number... High Unreviewed
CVE-2021-41829 was published May 24, 2022
IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA uses weaker than expected... High Unreviewed
CVE-2021-20337 was published May 24, 2022
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash... High Unreviewed
CVE-2021-38979 was published May 24, 2022
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer.... High Unreviewed
CVE-2021-27457 was published May 24, 2022
Inadequate encryption strength for some Intel(R) PROSet/Wireless WiFi products may allow an... High Unreviewed
CVE-2022-21139 was published Aug 19, 2022
IBM Tivoli Endpoint Manager uses weaker than expected cryptographic algorithms that could allow... High Unreviewed
CVE-2017-1224 was published May 17, 2022
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than... High Unreviewed
CVE-2022-22464 was published Jul 9, 2022
IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure... High Unreviewed
CVE-2017-1319 was published May 17, 2022
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue... High Unreviewed
CVE-2017-2380 was published May 17, 2022
The Mxit protocol uses weak encryption when encrypting user passwords, which might allow... High Unreviewed
CVE-2016-2379 was published May 17, 2022
Due to a lack of standard encryption when transmitting sensitive information over the internet to... High Unreviewed
CVE-2017-5239 was published May 17, 2022
IBM Security Verify Identity Manager 10.0 uses weaker than expected cryptographic algorithms that... High Unreviewed
CVE-2022-22453 was published Jul 15, 2022
An issue was discovered in sysPass 2.x before 2.1, in which an algorithm was never sufficiently... High Unreviewed
CVE-2017-5999 was published May 17, 2022
OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex digits for a PSK. High Unreviewed
CVE-2016-5056 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database