GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
80 advisories
The Priva TopControl Suite contains predictable credentials for the SSH service, based on the...
High | Unreviewed | CVE-2022-3010 was published Jan 2, 2024

Buttercup allows attackers to obtain the hash of the master password
Moderate | CVE-2023-41646 was published for buttercup (npm) Sep 8, 2023

A vulnerability classified as problematic was found in Supcon InPlant SCADA up to 20230901....
Low | Unreviewed | CVE-2023-4986 was published Sep 15, 2023

Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers...
High | Unreviewed | CVE-2023-5846 was published Nov 2, 2023

crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
Critical | CVE-2023-46133 was published for crypto-es (npm) Oct 25, 2023

The application was vulnerable to an authenticated information disclosure, allowing...
Moderate | Unreviewed | CVE-2022-40295 was published Nov 1, 2022

Use of Password Hash With Insufficient Computational Effort in Apache Derby
Moderate | CVE-2009-4269 was published for org.apache.derby:derby (Maven) May 2, 2022

AMI Megarac Weak password hashes for Redfish & API
Moderate | Unreviewed | CVE-2022-40258 was published Jan 31, 2023

mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, which may allow an attacker...
High | Unreviewed | CVE-2021-43989 was published Dec 24, 2021

The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress registered...
Moderate | Unreviewed | CVE-2021-38314 was published May 24, 2022

Password Shucking Vulnerability
Moderate | CVE-2023-27580 was published for codeigniter4/shield (Composer) Mar 13, 2023

A use of password hash with insufficient computational effort vulnerability [CWE-916] in...
High | Unreviewed | CVE-2022-26115 was published Feb 16, 2023

In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can...
High | Unreviewed | CVE-2022-47732 was published Jan 20, 2023

Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software where the password...
Moderate | Unreviewed | CVE-2022-0022 was published Mar 10, 2022

Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%...
High | Unreviewed | CVE-2018-9233 was published May 13, 2022

An issue was discovered in BTITeam XBTIT 2.5.4. The hashed passwords stored in the xbtit_users...
Critical | Unreviewed | CVE-2018-15680 was published May 13, 2022

The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and...
High | Unreviewed | CVE-2018-1447 was published May 13, 2022

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for...
Moderate | Unreviewed | CVE-2017-11131 was published May 13, 2022

Password recovery exploitation vulnerability in the non-certificate-based authentication...
Critical | Unreviewed | CVE-2017-3962 was published May 13, 2022

Davolink DVW-3200N all version prior to Version 1.00.06. The device generates a weak password...
Critical | Unreviewed | CVE-2018-10618 was published May 13, 2022

Improper privilege management in Keycloak
High | CVE-2020-14389 was published for org.keycloak:keycloak-core (Maven) Nov 10, 2021

Improper rate limiting in Koel
High | CVE-2021-33563 was published for phanan/koel (Composer) Jun 1, 2021

Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker...
Critical | Unreviewed | CVE-2019-6563 was published May 13, 2022

global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations...
High | Unreviewed | CVE-2019-7649 was published May 13, 2022

Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing...
High | Unreviewed | CVE-2019-0030 was published May 13, 2022