GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,250
Composer 4,350
Erlang 31
GitHub Actions 22
Go 2,119
Maven 5,292
npm 3,778
NuGet 680
pip 3,459
Pub 12
RubyGems 892
Rust 888
Swift 38

Unreviewed advisories

All unreviewed 243,818

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

192 advisories

Filter by severity

Sort by

Least recently updated

Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications... Moderate Unreviewed

CVE-2020-20950 was published May 24, 2022

Use of a Broken or Risky Cryptographic Algorithm vulnerability in McAfee Database Security Server... Moderate Unreviewed

CVE-2020-7339 was published May 24, 2022

IBM Cloud Pak for Security 1.3.0.1 (CP4S) uses weaker than expected cryptographic algorithms... Moderate Unreviewed

CVE-2020-4624 was published May 24, 2022

Untangle Firewall NG before 16.0 uses MD5 for passwords. Moderate Unreviewed

CVE-2020-17494 was published May 24, 2022

In versions 14.1.0-14.1.0.1 and 14.1.2.5-14.1.2.7, when a BIG-IP object is created or listed... Moderate Unreviewed

CVE-2020-5943 was published May 24, 2022

During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time... Moderate Unreviewed

CVE-2020-12401 was published May 24, 2022

In mainwindow.cpp in Shotcut before 20.09.13, the upgrade check misuses TLS because of... Moderate Unreviewed

CVE-2020-24619 was published May 24, 2022

A information disclosure vulnerability exists when TLS components use weak hash algorithms, aka ... Moderate Unreviewed

CVE-2020-1596 was published May 24, 2022

During RSA key generation, bignum implementations used a variation of the Binary Extended... Moderate Unreviewed

CVE-2020-12402 was published May 24, 2022

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy T300 ... Moderate Unreviewed

CVE-2020-7511 was published May 24, 2022

GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of... Moderate Unreviewed

CVE-2020-13777 was published May 24, 2022

airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash of 0123425234234fsdfsdr3242... Moderate Unreviewed

CVE-2020-11876 was published May 24, 2022

An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that... Moderate Unreviewed

CVE-2020-10932 was published May 24, 2022

wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing... Moderate Unreviewed

CVE-2020-11713 was published May 24, 2022

GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is... Moderate Unreviewed

CVE-2020-11501 was published May 24, 2022

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow weak hashing algorithm and... Moderate Unreviewed

CVE-2020-10601 was published May 24, 2022

An issue was discovered in Open Source Social Network (OSSN) through 5.3. A user-controlled file... Moderate Unreviewed

CVE-2020-10560 was published May 24, 2022

openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a94152378611e API key rather than... Moderate Unreviewed

CVE-2020-10788 was published May 24, 2022

A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR... Moderate Unreviewed

CVE-2019-19299 was published May 24, 2022

There is a weak algorithm vulnerability in some Huawei products. The affected products use weak... Moderate Unreviewed

CVE-2019-19397 was published May 24, 2022

STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the... Moderate Unreviewed

CVE-2019-16863 was published May 24, 2022

The Wireless Emergency Alerts (WEA) protocol allows remote attackers to spoof a Presidential... Moderate Unreviewed

CVE-2019-18659 was published May 24, 2022

On certain Samsung P(9.0) phones, an attacker with physical access can start a TCP Dump capture... Moderate Unreviewed

CVE-2019-11341 was published May 24, 2022

"managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used... Moderate Unreviewed

CVE-2018-5745 was published May 24, 2022

MatrixSSL 4.2.1 and earlier contains a timing side channel in ECDSA signature generation. This... Moderate Unreviewed

CVE-2019-13629 was published May 24, 2022

Previous 1 2 3 4 5 6 7 8 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

192 advisories