GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
241 advisories
Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar...
Moderate; Unreviewed; CVE-2022-0377 was published Mar 1, 2022

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C...
Moderate; Unreviewed; CVE-2022-21800 was published Feb 19, 2022

A vulnerability in the automatic decryption process in Cisco Umbrella Secure Web Gateway (SWG)...
Moderate; Unreviewed; CVE-2022-20805 was published Apr 22, 2022

WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An...
Moderate; Unreviewed; CVE-2022-29835 was published Sep 20, 2022

In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible.
Moderate; Unreviewed; CVE-2021-25761 was published May 24, 2022

Meow hash 0.5/calico does not sufficiently thwart key recovery by an attacker who can query...
Moderate; Unreviewed; CVE-2021-37606 was published May 24, 2022

IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 could provide weaker than...
Moderate; Unreviewed; CVE-2022-22310 was published Jan 20, 2022

matrix-js-sdk can be tricked into disclosing E2EE room keys to a participating homeserver
Moderate; CVE-2021-40823 was published for matrix-js-sdk (npm) Sep 14, 2021

The fingerprint module has a security risk of brute force cracking. Successful exploitation of...
Moderate; Unreviewed; CVE-2021-40006 was published Jan 11, 2022

A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS...
Moderate; Unreviewed; CVE-2021-32591 was published Dec 9, 2021

An attacker may perform a DoS attack to prevent a user from sending encrypted email to a...
Moderate; Unreviewed; CVE-2021-23993 was published May 24, 2022

Missing cryptographic steps in the Identity-Based Encryption service of FortiMail before 7.0.0...
Moderate; Unreviewed; CVE-2021-26099 was published May 24, 2022

Logic error in Matrix SDK for Android
Moderate; CVE-2021-40824 was published for org.matrix.android:matrix-android-sdk2 (Maven) May 24, 2022

Elliptic Uses a Broken or Risky Cryptographic Algorithm
Moderate; CVE-2020-28498 was published for elliptic (npm) Mar 8, 2021

python-apt Flawed Package Integrity Check
Moderate; CVE-2019-15795 was published for python-apt (pip) May 24, 2022

A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the...
Moderate; Unreviewed; CVE-2021-3979 was published Aug 26, 2022

Use of a Broken or Risky Cryptographic Algorithm vulnerability in McAfee Database Security Server...
Moderate; Unreviewed; CVE-2020-7339 was published May 24, 2022

IBM CICS TX Advanced 10.1 uses weaker than expected cryptographic algorithms that could allow an...
Moderate; Unreviewed; CVE-2023-38361 was published Nov 18, 2023

The TETRA TA61 identity encryption function internally uses a 64-bit value derived exclusively...
Moderate; Unreviewed; CVE-2022-24403 was published Dec 5, 2023

Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software,...
Moderate; Unreviewed; CVE-2021-27795 was published Dec 6, 2023

IBM Planning Analytics on Cloud Pak for Data 4.0 could allow an attacker on a shared network to...
Moderate; Unreviewed; CVE-2023-26024 was published Dec 1, 2023

IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected cryptographic algorithms...
Moderate; Unreviewed; CVE-2022-43843 was published Dec 14, 2023

An information disclosure vulnerability exists when TLS components use weak hash algorithms, aka ...
Moderate; Unreviewed; CVE-2020-1596 was published May 24, 2022

CL-Signatures Revocation Scheme in Ursa has flaws that allow a holder to demonstrate non-revocation of a revoked credential
Moderate; CVE-2024-21670 was published for anoncreds-clsignatures (Rust) Jan 16, 2024

Ursa CL-Signatures Revocation allows verifiers to generate unique identifiers for holders
Moderate; CVE-2024-22192 was published for anoncreds-clsignatures (Rust) Jan 16, 2024