GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
41 advisories
Python Keyring does not securely initialize encryption cipher
High: CVE-2012-4571 was published for keyring (pip) on May 17, 2022

mycli has Inadequate Encryption Strength
Moderate: CVE-2023-44690 was published for mycli (pip) on Oct 20, 2023

Apache Answer: Avatar URL leaked user email addresses
Moderate: CVE-2024-40761 was published for github.com/apache/incubator-answer (Go) on Sep 25, 2024

Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability
High: CVE-2024-39928 was published for org.apache.linkis:linkis-engineplugin-spark (Maven) on Sep 25, 2024

Beaker Sensitive Information Disclosure vulnerability
Moderate: CVE-2012-3458 was published for beaker (pip) on May 17, 2022

Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers
High: CVE-2024-23656 was published for github.com/dexidp/dex (Go) on Jan 26, 2024

AES OCB fails to encrypt some bytes
High: CVE-2022-2097 was published for openssl-src (Rust) on Jul 6, 2022

Weak encryption in Ninja Core
Moderate: CVE-2024-36823 was published for org.ninjaframework:ninja-core (Maven) on Jun 7, 2024

Cilium has insecure IPsec transport encryption
High: CVE-2024-28860 was published for github.com/cilium/cilium (Go) on Mar 28, 2024

SimpleSAMLphp Incorrect IV generation for encryption
Moderate: CVE-2017-12871 was published for simplesamlphp/simplesamlphp (Composer) on May 17, 2022

TYPO3 is vulnerable to insecure randomness during hash generation in forgot password function
Moderate: CVE-2010-3670 was published for typo3/cms-frontend (Composer) on Apr 21, 2022

Whole-script approval in Jenkins Script Security Plugin vulnerable to SHA-1 collisions
High: CVE-2022-45379 was published for org.jenkins-ci.plugins:script-security (Maven) on Nov 16, 2022

esptool allows attackers to view sensitive information via weak cryptographic algorithm
High: CVE-2023-46894 was published for esptool (pip) on Nov 9, 2023

Dgraph Audit Log Encryption Vulnerability
Moderate: CVE-2023-31135 was published for github.com/dgraph-io/dgraph (Go) on May 17, 2023

Inadequate Encryption Strength in python-keystoneclient
Critical: CVE-2013-2166 was published for python-keystoneclient (pip) on Oct 12, 2021

Dolibarr ERP and CRM Insecure Encryption
Critical: CVE-2017-7888 was published for dolibarr/dolibarr (Composer) on May 17, 2022

Reversible One-Way Hash in io.github.javaezlib:JavaEZ
High: CVE-2022-29249 was published for io.github.javaezlib:JavaEZ (Maven) on May 25, 2022

Use of a Broken or Risky Cryptographic Algorithm in XWiki Crypto API
Moderate: CVE-2022-29161 was published for org.xwiki.platform:xwiki-platform-crypto (Maven) on May 24, 2022

Use of Hard-coded Credentials in Apache Kylin
High: CVE-2021-45458 was published for org.apache.kylin:kylin (Maven) on Jan 8, 2022

Weak Cryptography in PHP-Proxy
High: CVE-2018-19784 was published for athlon1600/php-proxy (Composer) on May 13, 2022

AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field
Moderate: CVE-2022-2582 was published for github.com/aws/aws-sdk-go (Go) on Dec 28, 2022

OpenSSL gem for Ruby using inadequate encryption strength
High: CVE-2016-7798 was published for openssl (RubyGems) on Oct 24, 2017

Discoverability of user password hash in Statamic CMS
Low: CVE-2022-24784 was published for statamic/cms (Composer) on Mar 29, 2022

ProTip! Advisories are also available from the GraphQL API.