Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,760
NuGet
678
pip
3,446
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

436 advisories

Loading
IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA uses weaker than expected... High Unreviewed
CVE-2021-20337 was published May 24, 2022
The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1... Moderate Unreviewed
CVE-2021-31798 was published May 24, 2022
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash... High Unreviewed
CVE-2021-38979 was published May 24, 2022
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer.... High Unreviewed
CVE-2021-27457 was published May 24, 2022
In RIOT-OS 2021.01, nonce reuse in 802.15.4 encryption in the ieee820154_security component... Moderate Unreviewed
CVE-2021-41061 was published May 24, 2022
Inadequate encryption strength for some Intel(R) PROSet/Wireless WiFi products may allow an... High Unreviewed
CVE-2022-21139 was published Aug 19, 2022
SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses encryption method... Moderate Unreviewed
CVE-2022-41209 was published Oct 12, 2022
IBM Tivoli Endpoint Manager uses weaker than expected cryptographic algorithms that could allow... High Unreviewed
CVE-2017-1224 was published May 17, 2022
An issue was discovered in certain Apple products. Pages before 6.1, Numbers before 4.1, and... Moderate Unreviewed
CVE-2017-2391 was published May 17, 2022
IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that... Moderate Unreviewed
CVE-2017-1179 was published May 17, 2022
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than... High Unreviewed
CVE-2022-22464 was published Jul 9, 2022
PGP/MIME encrypted messages injected into a Vaultive O365 (before 4.5.21) frontend via IMAP or... Critical Unreviewed
CVE-2017-7229 was published May 17, 2022
IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure... High Unreviewed
CVE-2017-1319 was published May 17, 2022
A Weak Password Requirements issue was discovered in Rockwell Automation Allen-Bradley MicroLogix... Critical Unreviewed
CVE-2017-7903 was published May 17, 2022
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue... High Unreviewed
CVE-2017-2380 was published May 17, 2022
Information Disclosure can occur in sshProfiles.jsd in Hitek Software's Automize because of the... Moderate Unreviewed
CVE-2016-10104 was published May 17, 2022
The Mxit protocol uses weak encryption when encrypting user passwords, which might allow... High Unreviewed
CVE-2016-2379 was published May 17, 2022
Due to a lack of standard encryption when transmitting sensitive information over the internet to... High Unreviewed
CVE-2017-5239 was published May 17, 2022
IBM Security Verify Identity Manager 10.0 uses weaker than expected cryptographic algorithms that... High Unreviewed
CVE-2022-22453 was published Jul 15, 2022
An issue was discovered in sysPass 2.x before 2.1, in which an algorithm was never sufficiently... High Unreviewed
CVE-2017-5999 was published May 17, 2022
OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex digits for a PSK. High Unreviewed
CVE-2016-5056 was published May 17, 2022
IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a... High Unreviewed
CVE-2016-2879 was published May 17, 2022
On the TP-Link TL-SG108E 1.0, admin network communications are RC4 encoded, even though RC4 is... Critical Unreviewed
CVE-2017-8076 was published May 17, 2022
In Couchbase Server 7.1.x before 7.1.1, an encrypted Private Key passphrase may be leaked in the... Moderate Unreviewed
CVE-2022-34826 was published Jul 16, 2022
hitek.jar in Hitek Software's Automize uses weak encryption when encrypting SSH/SFTP and... High Unreviewed
CVE-2016-10102 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database