Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,406
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,641
Pub
13
RubyGems
1,026
Rust
1,209
Swift
53
Unreviewed advisories
All unreviewed
5,000+

483 advisories

Loading
Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache allows... High Unreviewed
CVE-2024-50550 was published Oct 29, 2024
A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the ... High Unreviewed
CVE-2026-28377 was published Mar 27, 2026
AVideo has a PGP 2FA Bypass via Cryptographically Broken 512-bit RSA Key Generation in LoginControl Plugin High
CVE-2026-33488 was published for wwbn/avideo (Composer) Mar 20, 2026
offset Credited to offset
AVideo has an unauthenticated decrypt oracle leaking any ciphertext High
CVE-2026-33512 was published for wwbn/avideo (Composer) Mar 20, 2026
Ahmad-jarwan Credited to Ahmad-jarwan
Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password... Moderate Unreviewed
CVE-2002-1872 was published Apr 30, 2022
Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak encryption algorithm that... Moderate Unreviewed
CVE-2002-1697 was published Apr 30, 2022
WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which makes it easier for... Moderate Unreviewed
CVE-2005-2281 was published May 1, 2022
NewsReactor 1.0 uses a weak encryption scheme, which could allow local users to decrypt the... Low Unreviewed
CVE-2002-1682 was published Apr 30, 2022
Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software 1.2.000, when the "Save Password"... Low Unreviewed
CVE-2002-1946 was published Apr 30, 2022
Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak encryption for passwords ... Moderate Unreviewed
CVE-2002-1910 was published Apr 30, 2022
Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption algorithm to store user... Low Unreviewed
CVE-2002-1739 was published Apr 30, 2022
EarlyImpact ProductCart uses a weak encryption scheme to encrypt passwords, which allows remote... Moderate Unreviewed
CVE-2004-2172 was published Apr 29, 2022
Pathways Homecare 6.5 uses weak encryption for user names and passwords, which allows local users... Moderate Unreviewed
CVE-2001-1546 was published Apr 30, 2022
Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt the screen-locking password... Low Unreviewed
CVE-2002-1975 was published Apr 30, 2022
Session data between cluster nodes during cluster synchronization is not properly encrypted in... Critical Unreviewed
CVE-2018-20810 was published May 24, 2022
libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the configuration specifies the MD5... Moderate Unreviewed
CVE-2008-3188 was published May 1, 2022
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: Check... Moderate Unreviewed
CVE-2025-39889 was published Sep 24, 2025
php-jwt contains weak encryption Low
CVE-2025-45769 was published for firebase/php-jwt (Composer) Jul 31, 2025
wizardist Credited to wizardist and derhansen derhansen derhansen
The fingerprint module has a security risk of brute force cracking. Successful exploitation of... Moderate Unreviewed
CVE-2021-40006 was published Jan 11, 2022
IBM Security QRadar EDR 3.12 through 3.12.23 IBM Security ReaQta uses weaker than expected... Moderate Unreviewed
CVE-2025-36379 was published Feb 17, 2026
The hard drives of the device are not encrypted using a full volume encryption feature such as... High Unreviewed
CVE-2025-27460 was published Jul 3, 2025
AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field Moderate
CVE-2022-2582 was published for github.com/aws/aws-sdk-go (Go) Dec 28, 2022
knqyf263 Credited to knqyf263
Brocade ASCG before 3.3.0 allows for the use of medium strength cryptography algorithms on... High Unreviewed
CVE-2025-7398 was published Jul 18, 2025
Jervis's Salt for PBKDF2 derived from password High
CVE-2025-68703 was published for net.gleske:jervis (Maven) Jan 13, 2026
The User Management Engine (UME) in NetWeaver Application Server for Java (NW AS Java) utilizes... Low Unreviewed
CVE-2026-0510 was published Jan 13, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database