GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
382 advisories
Filter by severity
yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by...
Low
Unreviewed
CVE-2020-12872
was published
May 24, 2022
An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker...
High
Unreviewed
CVE-2021-37188
was published
Dec 11, 2021
Assuming a database breach, nonce reuse issues in GitLab 11.6+ allows an attacker to decrypt some...
High
Unreviewed
CVE-2021-22170
was published
Dec 7, 2021
An attacker could decipher the encryption and gain access to MDT AutoSave versions prior to v6.02...
High
Unreviewed
CVE-2021-32945
was published
Apr 3, 2022
An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker who...
High
Unreviewed
CVE-2021-45104
was published
Apr 7, 2022
Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient protections for the UART...
High
Unreviewed
CVE-2021-20161
was published
Dec 31, 2021
Dell PowerScale OneFS 8.1.0 - 9.1.0 contains an LDAP Provider inability to connect over TLSv1.2...
Critical
Unreviewed
CVE-2020-26197
was published
May 24, 2022
IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expected cryptographic...
High
Unreviewed
CVE-2021-29694
was published
May 24, 2022
The NPort IA5000A Series devices use Telnet as one of the network device management services....
Moderate
Unreviewed
CVE-2020-27184
was published
May 24, 2022
Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2...
Moderate
Unreviewed
CVE-2021-31615
was published
May 24, 2022
Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks.
High
Unreviewed
CVE-2021-28213
was published
May 24, 2022
In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic...
Critical
Unreviewed
CVE-2021-27200
was published
May 24, 2022
IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow...
High
Unreviewed
CVE-2020-4965
was published
May 24, 2022
A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4...
Critical
Unreviewed
CVE-2021-24020
was published
May 24, 2022
In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data.
Moderate
Unreviewed
CVE-2021-37587
was published
May 24, 2022
In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256.
Moderate
Unreviewed
CVE-2021-37551
was published
May 24, 2022
IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 uses an insecure SSH server configuration which...
High
Unreviewed
CVE-2021-29794
was published
May 24, 2022
"HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the...
Low
Unreviewed
CVE-2020-14263
was published
May 24, 2022
All versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric PLCs and XG5000 PLC programming...
Moderate
Unreviewed
CVE-2022-2758
was published
Sep 1, 2022
An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may...
High
Unreviewed
CVE-2021-31796
was published
May 24, 2022
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the application's build number...
High
Unreviewed
CVE-2021-41829
was published
May 24, 2022
In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted...
Moderate
Unreviewed
CVE-2021-37546
was published
May 24, 2022
IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA uses weaker than expected...
High
Unreviewed
CVE-2021-20337
was published
May 24, 2022
The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1...
Moderate
Unreviewed
CVE-2021-31798
was published
May 24, 2022
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash...
High
Unreviewed
CVE-2021-38979
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API