GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

59 advisories

AVideo has a PGP 2FA Bypass via Cryptographically Broken 512-bit RSA Key Generation in LoginControl Plugin High
CVE-2026-33488 was published for wwbn/avideo (Composer) Mar 20, 2026
Credited to offset
AVideo has an unauthenticated decrypt oracle leaking any ciphertext High
CVE-2026-33512 was published for wwbn/avideo (Composer) Mar 20, 2026
Credited to Ahmad-jarwan
php-jwt contains weak encryption Low
CVE-2025-45769 was published for firebase/php-jwt (Composer) Jul 31, 2025
Credited to wizardist and derhansen
AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field Moderate
CVE-2022-2582 was published for github.com/aws/aws-sdk-go (Go) Dec 28, 2022
Credited to knqyf263
Jervis's Salt for PBKDF2 derived from password High
CVE-2025-68703 was published for net.gleske:jervis (Maven) Jan 13, 2026
Hash collision in typelevel jawn Moderate
CVE-2022-21653 was published for org.typelevel:jawn-parser_0.25 (Maven) Jan 6, 2022
Credited to nrktkt
Apache Spark has Inadequate Encryption Strength Moderate
CVE-2025-55039 was published for org.apache.spark:spark-network-common_2.12 (Maven) Oct 15, 2025
Inadequate Encryption Strength in DotNetNuke High
CVE-2018-18325 was published for DotNetNuke.Core (NuGet) Jul 5, 2019
Inadequate Encryption Strength in DotNetNuke High
CVE-2018-15811 was published for DotNetNuke.Core (NuGet) Jul 5, 2019
Microsoft Security Advisory CVE-2025-55248: .NET Information Disclosure Vulnerability Moderate
CVE-2025-55248 was published for Microsoft.NetCore.App.Runtime.linux-arm (NuGet) Oct 15, 2025
Duplicate Advisory: Microsoft Security Advisory CVE-2025-55248: .NET Information Disclosure Vulnerability Moderate
GHSA-987x-96fq-9384 was published for Microsoft.NetCore.App.Runtime.linux-arm (NuGet) Oct 14, 2025 withdrawn
In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode High
CVE-2016-1000352 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
Credited to AndrzejBiernacki2010
Apache Answer: Avatar URL leaked user email addresses Moderate
CVE-2024-40761 was published for github.com/apache/incubator-answer (Go) Sep 25, 2024
Credited to oscerd
Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers High
CVE-2024-23656 was published for github.com/dexidp/dex (Go) Jan 26, 2024
Credited to tuminoid
Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability High
CVE-2024-39928 was published for org.apache.linkis:linkis-engineplugin-spark (Maven) Sep 25, 2024
Credited to oscerd
Apache Wicket insecure defaults High
CVE-2014-7808 was published for org.apache.wicket:wicket-core (Maven) May 13, 2022
Jenkins Subversion Plugin Stores Credentials with Base64 Encoding Moderate
CVE-2013-6372 was published for org.jenkins-ci.plugins:subversion (Maven) May 17, 2022
Apache Tomcat - XSS in generated JSPs Moderate
CVE-2024-52318 was published for org.apache.tomcat:tomcat-jasper (Maven) Nov 18, 2024
Apache Tomcat Request and/or response mix-up Moderate
CVE-2024-52317 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Nov 18, 2024
Inadequate Encryption Strength Critical
CVE-2017-1000486 was published for org.primefaces:primefaces (Maven) Jun 3, 2021
magic-crypt uses insecure cryptographic algorithms Low
GHSA-gmx7-gr5q-85w5 was published for magic-crypt (Rust) Dec 30, 2024
Moodle uses the same key for QR login and auto-login Moderate
CVE-2024-38277 was published for moodle/moodle (Composer) Jun 18, 2024
Portainer improperly uses an encryption algorithm in the AesEncrypt function High
CVE-2024-33662 was published for github.com/portainer/portainer (Go) Oct 2, 2024
Apache Answer: Predictable Authorization Token Using UUIDv1 Low
CVE-2024-45719 was published for github.com/apache/incubator-answer (Go) Nov 22, 2024
upydev has weak encryption padding High
CVE-2023-48051 was published for upydev (pip) Nov 21, 2023
ProTip! Advisories are also available from the GraphQL API