Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,732
Erlang
29
GitHub Actions
16
Go
1,710
Maven
4,946
npm
3,474
NuGet
605
pip
3,001
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

17 advisories

Gessler GmbH WEB-MASTER user account is stored using a weak hashing algorithm. The attacker... Moderate Unreviewed
CVE-2024-1040 was published Feb 2, 2024
A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE... Moderate Unreviewed
CVE-2023-44319 was published Nov 14, 2023
crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard Critical
CVE-2023-46233 was published for crypto-js (npm) Oct 25, 2023
Zemnmez nzgeek
crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard Critical
CVE-2023-46133 was published for crypto-es (npm) Oct 25, 2023
Zemnmez
PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was... High Unreviewed
CVE-2023-43630 was published Sep 20, 2023
Vault Key Sealed With SHA1 PCRs The measured boot solution implemented in EVE OS leans on... High Unreviewed
CVE-2023-43635 was published Sep 20, 2023
A vulnerability was found in NFine Rapid Development Platform 20230511. It has been classified as... Low Unreviewed
CVE-2023-2900 was published May 25, 2023
Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by... Critical Unreviewed
CVE-2022-45141 was published Mar 7, 2023
All versions of Econolite EOS traffic control software are vulnerable to CWE-328: Use of Weak... Moderate Unreviewed
CVE-2023-0452 was published Jan 26, 2023
Whole-script approval in Jenkins Script Security Plugin vulnerable to SHA-1 collisions High
CVE-2022-45379 was published for org.jenkins-ci.plugins:script-security (Maven) Nov 16, 2022
NotMyFault
The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse... Moderate Unreviewed
CVE-2022-3433 was published Oct 11, 2022
WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An... Moderate Unreviewed
CVE-2022-29835 was published Sep 20, 2022
Reversible One-Way Hash in io.github.javaezlib:JavaEZ High
CVE-2022-29249 was published for io.github.javaezlib:JavaEZ (Maven) May 25, 2022
Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform ... High Unreviewed
CVE-2019-13539 was published May 24, 2022
Rack Gem Subject to Denial of Service via Hash Collisions Moderate
CVE-2011-5036 was published for org.jruby:jruby-parent (RubyGems) May 17, 2022
OpenStack Glance Signature Verification Bypass Moderate
CVE-2015-8234 was published for glance (pip) May 17, 2022
Improper hashing in enrocrypt High
CVE-2021-39182 was published for enrocrypt (pip) Nov 10, 2021
ProTip! Advisories are also available from the GraphQL API