Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,342
Erlang
31
GitHub Actions
22
Go
2,106
Maven
5,000+
npm
3,764
NuGet
679
pip
3,451
Pub
12
RubyGems
892
Rust
886
Swift
37
Unreviewed advisories
All unreviewed
5,000+

469 advisories

Loading
In illumos illumos-gate 2024-02-15, an error occurs in the elliptic curve point addition... Moderate Unreviewed
CVE-2024-26317 was published Jan 27, 2025
Due to reliance on a trivial substitution cipher, sent in cleartext, and the reliance on a... Critical Unreviewed
CVE-2022-3365 was published Jan 28, 2025
HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs... Critical Unreviewed
CVE-2022-36937 was published May 10, 2023
IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0... Moderate Unreviewed
CVE-2024-27256 was published Jan 27, 2025
IBM Storage Protect for Virtual Environments: Data Protection for VMware and Storage Protect... Moderate Unreviewed
CVE-2024-38320 was published Jan 27, 2025
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses weaker than... Moderate Unreviewed
CVE-2024-22347 was published Jan 20, 2025
A “Use of a Broken or Risky Cryptographic Algorithm” vulnerability in the SSL/TLS component used... High Unreviewed
CVE-2024-8603 was published Jan 15, 2025
Affected devices use a weak encryption scheme to encrypt the debug zip file. This could allow an... Moderate Unreviewed
CVE-2022-46140 was published Dec 13, 2022
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow a remote attacker to... Moderate Unreviewed
CVE-2024-52366 was published Jan 7, 2025
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected... Moderate Unreviewed
CVE-2024-41763 was published Jan 4, 2025
Smadar SPS – CWE-327: Use of a Broken or Risky Cryptographic Algorithm High Unreviewed
CVE-2024-47921 was published Dec 30, 2024
Weak algorithm used to sign RPM package. The following products are affected: Acronis Cyber... Low Unreviewed
CVE-2024-55539 was published Dec 23, 2024
Beego has Collision Hazards of MD5 in Cache Key Filenames Moderate
CVE-2024-55885 was published for github.com/beego/beego (Go) Dec 12, 2024
kexinoh
Dell RecoverPoint for VMs, version(s) 6.0.x contain(s) a Use of a Broken or Risky Cryptographic... Moderate Unreviewed
CVE-2024-28980 was published Dec 13, 2024
Bit flip attack vulnerability in cookie-encrypter High
CVE-2024-53441 was published for cookie-encrypter (npm) Dec 9, 2024
mathysEthical
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information... Low Unreviewed
CVE-2023-37395 was published Dec 11, 2024
Portainer improperly uses an encryption algorithm in the AesEncrypt function High
CVE-2024-33662 was published for github.com/portainer/portainer (Go) Oct 2, 2024
IBM Cognos Controller 11.0.0 and 11.0.1 uses weaker than expected cryptographic algorithms that... Moderate Unreviewed
CVE-2024-41775 was published Dec 3, 2024
sftpgo vulnerable to brute force takeover of OpenID Connect session cookies Moderate
CVE-2024-52801 was published for github.com/drakkan/sftpgo/v2 (Go) Dec 2, 2024
denisvr72
A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is... Moderate Unreviewed
CVE-2023-40660 was published Nov 6, 2023
Vyper sha3 codegen bug Low
CVE-2024-24559 was published for vyper (pip) Feb 5, 2024
cyberthirst kuroi8
A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits... Moderate Unreviewed
CVE-2024-28834 was published Mar 21, 2024
python-jose algorithm confusion with OpenSSH ECDSA keys Critical
CVE-2024-33663 was published for python-jose (pip) Apr 26, 2024
Silver vulnerable to MitM attack against implants due to a cryptography vulnerability Critical
CVE-2023-34758 was published for github.com/bishopfox/sliver (Go) Jun 21, 2023
In modem, there is a possible information disclosure due to using risky cryptographic algorithm... Moderate Unreviewed
CVE-2024-20070 was published Jun 3, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database