Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

210 advisories

Loading
Laravel Framework XSS in Blade templating engine Moderate
CVE-2021-43808 was published for illuminate/view (Composer) Dec 8, 2021
chinpei215
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow... Moderate Unreviewed
CVE-2023-50937 was published Feb 2, 2024
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow... Moderate Unreviewed
CVE-2023-50939 was published Feb 2, 2024
Ursa CL-Signatures Revocation allows verifiers to generate unique identifiers for holders Moderate
CVE-2024-22192 was published for anoncreds-clsignatures (Rust) Jan 16, 2024
CL-Signatures Revocation Scheme in Ursa has flaws that allow a holder to demonstrate non-revocation of a revoked credential Moderate
CVE-2024-21670 was published for anoncreds-clsignatures (Rust) Jan 16, 2024
A information disclosure vulnerability exists when TLS components use weak hash algorithms, aka ... Moderate Unreviewed
CVE-2020-1596 was published May 24, 2022
IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected cryptographic algorithms... Moderate Unreviewed
CVE-2022-43843 was published Dec 14, 2023
IBM Planning Analytics on Cloud Pak for Data 4.0 could allow an attacker on a shared network to... Moderate Unreviewed
CVE-2023-26024 was published Dec 1, 2023
Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software,... Moderate Unreviewed
CVE-2021-27795 was published Dec 6, 2023
The TETRA TA61 identity encryption function internally uses a 64-bit value derived exclusively... Moderate Unreviewed
CVE-2022-24403 was published Dec 5, 2023
IBM CICS TX Advanced 10.1 uses weaker than expected cryptographic algorithms that could allow an... Moderate Unreviewed
CVE-2023-38361 was published Nov 18, 2023
Use of a Broken or Risky Cryptographic Algorithm vulnerability in McAfee Database Security Server... Moderate Unreviewed
CVE-2020-7339 was published May 24, 2022
A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the... Moderate Unreviewed
CVE-2021-3979 was published Aug 26, 2022
python-apt Flawed Package Integrity Check Moderate
CVE-2019-15795 was published for python-apt (pip) May 24, 2022
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state... Moderate Unreviewed
CVE-2015-2808 was published May 13, 2022
Elliptic Uses a Broken or Risky Cryptographic Algorithm Moderate
CVE-2020-28498 was published for elliptic (npm) Mar 8, 2021
Logic error in Matrix SDK for Android Moderate
CVE-2021-40824 was published for org.matrix.android:matrix-android-sdk2 (Maven) May 24, 2022
Missing cryptographic steps in the Identity-Based Encryption service of FortiMail before 7.0.0... Moderate Unreviewed
CVE-2021-26099 was published May 24, 2022
An attacker may perform a DoS attack to prevent a user from sending encrypted email to a... Moderate Unreviewed
CVE-2021-23993 was published May 24, 2022
A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS... Moderate Unreviewed
CVE-2021-32591 was published Dec 9, 2021
The fingerprint module has a security risk of brute force cracking. Successful exploitation of... Moderate Unreviewed
CVE-2021-40006 was published Jan 11, 2022
matrix-js-sdk can be tricked into disclosing E2EE room keys to a participating homeserver Moderate
CVE-2021-40823 was published for matrix-js-sdk (npm) Sep 14, 2021
dkasak
IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 could provide weaker than... Moderate Unreviewed
CVE-2022-22310 was published Jan 20, 2022
Meow hash 0.5/calico does not sufficiently thwart key recovery by an attacker who can query... Moderate Unreviewed
CVE-2021-37606 was published May 24, 2022
In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible. Moderate Unreviewed
CVE-2021-25761 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database