GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
77 advisories
Filter by severity
Unauthenticated crypto and weak IV in Magento\Framework\Encryption
High
CVE-2016-6485
was published
for
magento/community-edition
(Composer)
Nov 20, 2019
Password Hashing: Do not use MD5
Low
CVE-2020-5229
was published
for
org.opencastproject:opencast-common-jpa-impl
(Maven)
Jan 30, 2020
Insecure Cryptography Algorithm in parsel
Critical
GHSA-wqgx-4q47-j2w5
was published
for
parsel
(npm)
Sep 4, 2020
Unauthenticated Remote Code Execution in Apache JMeter
Critical
CVE-2019-0187
was published
for
org.apache.jmeter:ApacheJMeter
(Maven)
Mar 7, 2019
Ciphertext Malleability Issue in Tink Java
Low
CVE-2020-8929
was published
for
com.google.crypto.tink:tink
(Maven)
Oct 16, 2020
Use of a Broken or Risky Cryptographic Algorithm in Apache Hadoop
Critical
CVE-2012-4449
was published
for
org.apache.hadoop:hadoop-client
(Maven)
May 17, 2022
Key confusion through non-blocklisted public key formats
High
CVE-2022-29217
was published
for
pyjwt
(pip)
May 24, 2022
LTI 1.3 Tool Library's Nonce Claim Value not validated against nonce value sent in Authentication Request before v5.0
High
CVE-2022-31158
was published
for
packbackbooks/lti-1-3-php-library
(Composer)
Jul 15, 2022
Command Injection in Apache James
Moderate
CVE-2021-38542
was published
for
org.apache.james:james-server
(Maven)
Jan 8, 2022
Use of a weak cryptographic algorithm in Gradle
Low
CVE-2019-16370
was published
for
org.gradle:gradle-core
(Maven)
May 24, 2022
Bouncy Castle has a flaw in the Low-level interface to RSA key pair generator
High
CVE-2018-1000180
was published
for
org.bouncycastle:bcprov-jdk14
(Maven)
Oct 16, 2018
Reliance on Cookies without validation in OctoberCMS
Moderate
CVE-2020-15128
was published
for
october/rain
(Composer)
Aug 5, 2020
Integer Overflow or Wraparound and Use of a Broken or Risky Cryptographic Algorithm in bcrypt
Moderate
CVE-2020-7689
was published
for
bcrypt
(npm)
Aug 20, 2020
Inadequate Encryption Strength in Apache NiFi
High
CVE-2020-9491
was published
for
org.apache.nifi:nifi
(Maven)
Jan 6, 2022
Broken encryption in EdgeX Foundry
Moderate
CVE-2021-41278
was published
for
github.com/edgexfoundry/app-functions-sdk-go
(Go)
Nov 19, 2021
Use of Sha-1 in tusdotnet
Low
CVE-2021-44150
was published
for
tusdotnet
(NuGet)
Nov 29, 2021
•
withdrawn
Use of a Broken or Risky Cryptographic Algorithm in Max Mazurov Maddy
High
CVE-2021-42583
was published
for
github.com/foxcpp/maddy
(Go)
Jan 6, 2022
Incorrect MAC key used in the RC4-MD5 ciphersuite
Moderate
CVE-2022-1434
was published
for
openssl-src
(Rust)
May 4, 2022
Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J
Moderate
CVE-2011-2487
was published
for
org.apache.ws.security:wss4j
(Maven)
Apr 22, 2022
SIF's Digital Signature Hash Algorithms Not Validated
Moderate
CVE-2022-39237
was published
for
github.com/sylabs/sif/v2
(Go)
Oct 6, 2022
PHP JOSE Library by Gree Inc. Uses a Broken or Risky Cryptographic Algorithm
High
CVE-2016-5431
was published
for
gree/jose
(Composer)
May 24, 2022
Insecure Cryptography Algorithm in simple-crypto-js
Moderate
GHSA-5v7r-jg9r-vq44
was published
for
simple-crypto-js
(npm)
Sep 3, 2020
Chosen Ciphertext Attack in Jose4j
Moderate
GHSA-jgvc-jfgh-rjvv
was published
for
org.bitbucket.b_c:jose4j
(Maven)
Apr 27, 2023
ProTip!
Advisories are also available from the
GraphQL API