Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,679
NuGet
649
pip
3,297
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

421 advisories

Loading
A compromised web child process could disable web security opening restrictions, leading to a new... Moderate Unreviewed
CVE-2023-23597 was published Jun 2, 2023
Bramble Handshake Protocol (BHP) in Briar before 1.5.3 is not forward secure: eavesdroppers can... Moderate Unreviewed
CVE-2023-33982 was published May 24, 2023
Dgraph Audit Log Encryption Vulnerability Moderate
CVE-2023-31135 was published for github.com/dgraph-io/dgraph (Go) May 17, 2023
HakuPiku joshua-goldstein
skrdgraph
Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13),IJ Network Tool... Moderate Unreviewed
CVE-2023-1764 was published May 17, 2023
Inadequate Encryption Strength in CODESYS Development System V3 versions prior to V3.5.18.40... High Unreviewed
CVE-2022-4048 was published May 15, 2023
Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard... High Unreviewed
CVE-2023-30351 was published May 10, 2023
Improper usage of symmetric encryption in UI Desktop for Windows (Version 0.59.1.71 and earlier)... Moderate Unreviewed
CVE-2023-28124 was published Apr 19, 2023
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE... Moderate Unreviewed
CVE-2023-29054 was published Apr 11, 2023
Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote... High Unreviewed
CVE-2023-27389 was published Apr 11, 2023
Experience Manager versions 6.5.15.0 (and earlier) are affected by a Weak Cryptography for... Moderate Unreviewed
CVE-2023-22271 was published Mar 22, 2023
An improper access control vulnerability exists prior to v6 that could allow an attacker to break... High Unreviewed
CVE-2023-23911 was published Mar 11, 2023
Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by... Critical Unreviewed
CVE-2022-45141 was published Mar 7, 2023
Driver Distributor v2.2.3.1 and earlier contains a vulnerability where passwords are stored in a... High Unreviewed
CVE-2022-43460 was published Feb 13, 2023
Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A... Moderate Unreviewed
CVE-2022-34445 was published Feb 11, 2023
SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version... Moderate Unreviewed
CVE-2022-34385 was published Feb 11, 2023
Improper cryptographic implementation in Samsung Flow for PC 4.9.14.0 allows adjacent attackers... High Unreviewed
CVE-2023-21444 was published Feb 9, 2023
Improper cryptographic implementation in Samsung Flow for Android prior to version 4.9.04 allows... High Unreviewed
CVE-2023-21443 was published Feb 9, 2023
An unauthorized user with network access and the decryption key could decrypt sensitive data,... High Unreviewed
CVE-2022-38469 was published Jan 18, 2023
DES cipher, which has inadequate encryption strength, is used Hitachi Energy FOXMAN-UN to encrypt... Moderate Unreviewed
CVE-2021-40341 was published Jan 6, 2023
AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field Moderate
CVE-2022-2582 was published for github.com/aws/aws-sdk-go (Go) Dec 28, 2022
knqyf263
Certain General Electric Renewable Energy products have inadequate encryption strength. This... Critical Unreviewed
CVE-2022-24116 was published Dec 26, 2022
When viewing an email message A, which contains an attached message B, where B is encrypted or... Moderate Unreviewed
CVE-2022-1520 was published Dec 22, 2022
In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is... High Unreviewed
CVE-2022-38659 was published Dec 19, 2022
In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open... Low Unreviewed
CVE-2022-46825 was published Dec 8, 2022
The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up... Moderate Unreviewed
CVE-2022-4036 was published Nov 29, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database