GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
23 advisories
Filter by severity
MessagePack allows untrusted data to lead to DoS attack due to hash collisions and stack overflow
Moderate
CVE-2024-48924
was published
for
MessagePack
(NuGet)
Oct 17, 2024
Dozzle uses unsafe hash for passwords
Low
CVE-2024-47182
was published
for
github.com/amir20/dozzle
(Go)
Oct 9, 2024
Certain switch models from PLANET Technology use an insecure hashing function to hash user...
Moderate
Unreviewed
CVE-2024-8453
was published
Sep 30, 2024
Beego privilege escalation vulnerability
High
CVE-2024-40465
was published
for
github.com/beego/beego/v2
(Go)
Jul 31, 2024
An issue in LOGINT LoMag Inventory Management v1.0.20.120 and before allows a local attacker to...
Moderate
Unreviewed
CVE-2024-32211
was published
May 1, 2024
Gessler GmbH WEB-MASTER user account is stored using a weak hashing algorithm. The attacker...
Moderate
Unreviewed
CVE-2024-1040
was published
Feb 2, 2024
A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware...
Moderate
Unreviewed
CVE-2023-5962
was published
Dec 23, 2023
A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE...
Moderate
Unreviewed
CVE-2023-44319
was published
Nov 14, 2023
crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
Critical
CVE-2023-46233
was published
for
crypto-js
(npm)
Oct 25, 2023
crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
Critical
CVE-2023-46133
was published
for
crypto-es
(npm)
Oct 25, 2023
Vault Key Sealed With SHA1 PCRs
The measured boot solution implemented in EVE OS leans on...
High
Unreviewed
CVE-2023-43635
was published
Sep 20, 2023
PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but
due to the change that was...
High
Unreviewed
CVE-2023-43630
was published
Sep 20, 2023
A vulnerability was found in NFine Rapid Development Platform 20230511. It has been classified as...
Low
Unreviewed
CVE-2023-2900
was published
May 25, 2023
Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by...
Critical
Unreviewed
CVE-2022-45141
was published
Mar 7, 2023
All versions of Econolite EOS traffic control software are vulnerable to CWE-328: Use of Weak...
Moderate
Unreviewed
CVE-2023-0452
was published
Jan 26, 2023
Whole-script approval in Jenkins Script Security Plugin vulnerable to SHA-1 collisions
High
CVE-2022-45379
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
Nov 16, 2022
The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse...
Moderate
Unreviewed
CVE-2022-3433
was published
Oct 11, 2022
WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An...
Moderate
Unreviewed
CVE-2022-29835
was published
Sep 20, 2022
Reversible One-Way Hash in io.github.javaezlib:JavaEZ
High
CVE-2022-29249
was published
for
io.github.javaezlib:JavaEZ
(Maven)
May 25, 2022
Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform ...
High
Unreviewed
CVE-2019-13539
was published
May 24, 2022
Rack Gem Subject to Denial of Service via Hash Collisions
Moderate
CVE-2011-5036
was published
for
org.jruby:jruby-parent
(RubyGems)
May 17, 2022
OpenStack Glance Signature Verification Bypass
Moderate
CVE-2015-8234
was published
for
glance
(pip)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API