Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,614
NuGet
638
pip
3,225
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+

433 advisories

Loading
mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, which may allow an attacker... High Unreviewed
CVE-2021-43989 was published Dec 24, 2021
In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt... High Unreviewed
CVE-2021-45450 was published Dec 22, 2021
In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption... High Unreviewed
CVE-2021-45451 was published Dec 22, 2021
A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via VerificationController.php. Critical Unreviewed
CVE-2021-42216 was published Dec 16, 2021
IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic... High Unreviewed
CVE-2021-39058 was published Dec 14, 2021
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5... High Unreviewed
CVE-2021-39002 was published Dec 10, 2021
A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS... Moderate Unreviewed
CVE-2021-32591 was published Dec 9, 2021
Laravel Framework XSS in Blade templating engine Moderate
CVE-2021-43808 was published for illuminate/view (Composer) Dec 8, 2021
chinpei215
Use of Sha-1 in tusdotnet Low
CVE-2021-44150 was published for tusdotnet (NuGet) Nov 29, 2021 withdrawn
There is a weak secure algorithm vulnerability in Huawei products. A weak secure algorithm is... Moderate Unreviewed
CVE-2021-22356 was published Nov 24, 2021
Broken encryption in EdgeX Foundry Moderate
CVE-2021-41278 was published for github.com/edgexfoundry/app-functions-sdk-go (Go) Nov 19, 2021
bnevis-i
Rails Multisite secure/signed cookies share secrets between sites in a multi-site application Moderate
CVE-2021-41263 was published for rails_multisite (RubyGems) Nov 15, 2021
Improper hashing in enrocrypt High
CVE-2021-39182 was published for enrocrypt (pip) Nov 10, 2021
Security issues in AWS KMS and AWS Encryption SDKs: in-band protocol negotiation and robustness High
CVE-2020-8897 was published for aws-encryption-sdk (Maven) Oct 12, 2021
thaidn
matrix-js-sdk can be tricked into disclosing E2EE room keys to a participating homeserver Moderate
CVE-2021-40823 was published for matrix-js-sdk (npm) Sep 14, 2021
dkasak
Use of a Broken or Risky Cryptographic Algorithm Low
CVE-2021-27913 was published for mautic/core (Composer) Sep 1, 2021
michaellrowley mohit-rocks
tdunlap607
Incorrect implementation of the Streebog hash functions in streebog High
CVE-2019-25006 was published for streebog (Rust) Aug 25, 2021
Algorithms compute incorrect results in blake2 Critical
CVE-2019-16143 was published for blake2 (Rust) Aug 25, 2021
Use of a Broken or Risky Cryptographic Algorithm in Terraform High
CVE-2019-19316 was published for github.com/hashicorp/terraform (Go) May 18, 2021
Timing attacks in python-rsa Moderate
CVE-2020-25658 was published for rsa (pip) Apr 30, 2021
Python-RSA decryption of ciphertext leads to DoS High
CVE-2020-13757 was published for rsa (pip) Mar 24, 2021
Elliptic Uses a Broken or Risky Cryptographic Algorithm Moderate
CVE-2020-28498 was published for elliptic (npm) Mar 8, 2021
Ciphertext Malleability Issue in Tink Java Low
CVE-2020-8929 was published for com.google.crypto.tink:tink (Maven) Oct 16, 2020
reteptilian
Insecure Cryptography Algorithm in parsel Critical
GHSA-wqgx-4q47-j2w5 was published for parsel (npm) Sep 4, 2020
Insecure Cryptography Algorithm in simple-crypto-js Moderate
GHSA-5v7r-jg9r-vq44 was published for simple-crypto-js (npm) Sep 3, 2020
tdunlap607
ProTip! Advisories are also available from the GraphQL API