GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,131
Erlang
29
GitHub Actions
19
Go
1,937
Maven
5,000+
npm
3,676
NuGet
642
pip
3,292
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
79 advisories
Filter by severity
Typo 5.1.3 and earlier uses a hard-coded salt for calculating password hashes, which makes it...
Moderate
Unreviewed
CVE-2008-4905
was published
May 17, 2022
MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compose filenames of uploaded...
Moderate
Unreviewed
CVE-2008-4929
was published
May 17, 2022
In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random...
Moderate
Unreviewed
CVE-2015-9019
was published
May 17, 2022
Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior to 2.0.15 and 1.12 prior to...
Moderate
Unreviewed
CVE-2018-11045
was published
May 14, 2022
An issue was discovered on Sigma Design Z-Wave S0 through S2 devices. An attacker first prepares...
Moderate
Unreviewed
CVE-2018-19983
was published
May 13, 2022
On Hoermann BiSecur devices before 2018, a vulnerability can be exploited by recording a single...
Moderate
Unreviewed
CVE-2017-17910
was published
May 13, 2022
Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity...
Moderate
Unreviewed
CVE-2017-13088
was published
May 13, 2022
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL)...
Moderate
Unreviewed
CVE-2017-13084
was published
May 13, 2022
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup ...
Moderate
Unreviewed
CVE-2017-13086
was published
May 13, 2022
Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group...
Moderate
Unreviewed
CVE-2017-13087
was published
May 13, 2022
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the...
Moderate
Unreviewed
CVE-2017-13081
was published
May 13, 2022
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the...
Moderate
Unreviewed
CVE-2017-13079
was published
May 13, 2022
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK)...
Moderate
Unreviewed
CVE-2017-13077
was published
May 13, 2022
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK)...
Moderate
Unreviewed
CVE-2017-13078
was published
May 13, 2022
A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, local attacker to...
Moderate
Unreviewed
CVE-2017-12361
was published
May 13, 2022
Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology...
Moderate
Unreviewed
CVE-2018-13280
was published
May 13, 2022
Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared...
Moderate
Unreviewed
CVE-2018-1279
was published
May 13, 2022
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK)...
Moderate
Unreviewed
CVE-2017-13080
was published
May 13, 2022
kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's...
Moderate
Unreviewed
CVE-2018-1108
was published
May 13, 2022
Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x...
Moderate
Unreviewed
CVE-2015-3963
was published
May 13, 2022
SHA1 implementation in JetBrains Ktor Native before 2.0.1 was returning the same value
Moderate
Unreviewed
CVE-2022-29930
was published
May 13, 2022
A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed...
Moderate
Unreviewed
CVE-2021-41994
was published
May 3, 2022
A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed...
Moderate
Unreviewed
CVE-2021-41993
was published
May 3, 2022
The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0...
Moderate
Unreviewed
CVE-2009-0255
was published
May 2, 2022
The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e...
Moderate
Unreviewed
CVE-2008-2020
was published
May 1, 2022
ProTip!
Advisories are also available from the
GraphQL API