Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,411
Erlang
33
GitHub Actions
22
Go
2,146
Maven
5,000+
npm
3,808
NuGet
687
pip
3,481
Pub
12
RubyGems
897
Rust
899
Swift
38
Unreviewed advisories
All unreviewed
5,000+

85 advisories

Loading
The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all... High Unreviewed
CVE-2024-0761 was published Feb 6, 2024
Magento 2 Community Edition Cryptographic Flaw High
CVE-2019-7886 was published for magento/community-edition (Composer) May 24, 2022
actions.php in WebPortal CMS 0.6-beta generates predictable passwords containing only the time of... High Unreviewed
CVE-2008-0141 was published May 1, 2022
A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000... High Unreviewed
CVE-2023-20185 was published Jul 12, 2023
Functions with insufficient randomness were used to generate authorization tokens of the... High Unreviewed
CVE-2023-26451 was published Aug 2, 2023
Inbound TCP Agent Protocol/3 authentication bypass in Jenkins High
CVE-2020-2099 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Magento LTS's guest order "protect code" can be brute-forced too easily High
CVE-2023-41879 was published for openmage/magento-lts (Composer) Sep 11, 2023
theroch fballiano
colinmollenhour
Aescrypt does not sufficiently use random values High
CVE-2013-7463 was published for aescrypt (RubyGems) Oct 24, 2017
LTI 1.3 Tool Library's function used to generate random nonces not sufficiently cryptographically complex before v5.0 High
CVE-2022-31157 was published for packbackbooks/lti-1-3-php-library (Composer) Jul 15, 2022
Apache OpenOffice supports the storage of passwords for web connections in the user's... High Unreviewed
CVE-2022-37400 was published Aug 16, 2022
Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params High
CVE-2022-31034 was published for github.com/argoproj/argo-cd (Go) Jun 21, 2022
crenshaw-dev jgwest
AdamKorcz DavidKorczynski
Use of Hard-coded Credentials in Apache Kylin High
CVE-2021-45458 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
LibreOffice supports the storage of passwords for web connections in the user’s configuration... High Unreviewed
CVE-2022-26306 was published Jul 26, 2022
The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user... High Unreviewed
CVE-2021-24998 was published Dec 28, 2021
A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517,... High Unreviewed
CVE-2021-26726 was published Feb 17, 2022
Improper file handling in concrete5/core High
CVE-2021-22968 was published for concrete5/core (Composer) Nov 23, 2021
Insecure PRNG use in random_password_generator High
CVE-2019-25061 was published for random_password_generator (RubyGems) May 19, 2022
The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers... High Unreviewed
CVE-2023-26855 was published Apr 4, 2023
This vulnerability allows network-adjacent attackers to bypass authentication on affected... High Unreviewed
CVE-2022-43636 was published Mar 29, 2023
Akuvox E11 contains a function that encrypts messages which are then forwarded. The IV vector and... High Unreviewed
CVE-2023-0343 was published Mar 31, 2023
Rancher cattle-token is predictable High
CVE-2022-43755 was published for github.com/rancher/rancher (Go) Jan 25, 2023
PWR-Q200 does not use random values for source ports of DNS query packets, which allows remote... High Unreviewed
CVE-2017-10874 was published May 17, 2022
Openmoney API through 2020-06-29 uses the JavaScript Math.random function, which does not provide... High Unreviewed
CVE-2022-30782 was published May 17, 2022
Predictable SIF UUID Identifiers in github.com/sylabs/sif High
CVE-2021-29499 was published for github.com/sylabs/sif (Go) May 18, 2021
The determineWinner function of a smart contract implementation for HashHeroes Tiles, an Ethereum... High Unreviewed
CVE-2018-17987 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database