Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,300
Erlang
31
GitHub Actions
21
Go
2,069
Maven
5,000+
npm
3,744
NuGet
668
pip
3,429
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+

216 advisories

Loading
The fingerprint module has a security risk of brute force cracking. Successful exploitation of... Moderate Unreviewed
CVE-2021-40006 was published Jan 11, 2022
Command Injection in Apache James Moderate
CVE-2021-38542 was published for org.apache.james:james-server (Maven) Jan 8, 2022
The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in... Moderate Unreviewed
CVE-2021-43550 was published Dec 28, 2021
In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information... Moderate Unreviewed
CVE-2021-45486 was published Dec 26, 2021
A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS... Moderate Unreviewed
CVE-2021-32591 was published Dec 9, 2021
Laravel Framework XSS in Blade templating engine Moderate
CVE-2021-43808 was published for illuminate/view (Composer) Dec 8, 2021
chinpei215
There is a weak secure algorithm vulnerability in Huawei products. A weak secure algorithm is... Moderate Unreviewed
CVE-2021-22356 was published Nov 24, 2021
Broken encryption in EdgeX Foundry Moderate
CVE-2021-41278 was published for github.com/edgexfoundry/app-functions-sdk-go (Go) Nov 19, 2021
bnevis-i
Rails Multisite secure/signed cookies share secrets between sites in a multi-site application Moderate
CVE-2021-41263 was published for rails_multisite (RubyGems) Nov 15, 2021
matrix-js-sdk can be tricked into disclosing E2EE room keys to a participating homeserver Moderate
CVE-2021-40823 was published for matrix-js-sdk (npm) Sep 14, 2021
dkasak
Elliptic Uses a Broken or Risky Cryptographic Algorithm Moderate
CVE-2020-28498 was published for elliptic (npm) Mar 8, 2021
Ciphertext Malleability Issue in Tink Java Moderate
CVE-2020-8929 was published for com.google.crypto.tink:tink (Maven) Oct 16, 2020
reteptilian
Insecure Cryptography Algorithm in simple-crypto-js Moderate
GHSA-5v7r-jg9r-vq44 was published for simple-crypto-js (npm) Sep 3, 2020
tdunlap607
Integer Overflow or Wraparound and Use of a Broken or Risky Cryptographic Algorithm in bcrypt Moderate
CVE-2020-7689 was published for bcrypt (npm) Aug 20, 2020
Reliance on Cookies without validation in OctoberCMS Moderate
CVE-2020-15128 was published for october/rain (Composer) Aug 5, 2020
Invalid Curve Attack in openpgp Moderate
CVE-2019-9155 was published for openpgp (npm) Aug 23, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database