Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,299
Erlang
31
GitHub Actions
21
Go
2,065
Maven
5,000+
npm
3,744
NuGet
668
pip
3,426
Pub
12
RubyGems
892
Rust
877
Swift
36
Unreviewed advisories
All unreviewed
5,000+

85 advisories

Loading
Apache OpenOffice supports the storage of passwords for web connections in the user's... High Unreviewed
CVE-2022-37400 was published Aug 16, 2022
LTI 1.3 Tool Library's function used to generate random nonces not sufficiently cryptographically complex before v5.0 High
CVE-2022-31157 was published for packbackbooks/lti-1-3-php-library (Composer) Jul 15, 2022
Aescrypt does not sufficiently use random values High
CVE-2013-7463 was published for aescrypt (RubyGems) Oct 24, 2017
Magento LTS's guest order "protect code" can be brute-forced too easily High
CVE-2023-41879 was published for openmage/magento-lts (Composer) Sep 11, 2023
theroch fballiano
colinmollenhour
Inbound TCP Agent Protocol/3 authentication bypass in Jenkins High
CVE-2020-2099 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Functions with insufficient randomness were used to generate authorization tokens of the... High Unreviewed
CVE-2023-26451 was published Aug 2, 2023
A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000... High Unreviewed
CVE-2023-20185 was published Jul 12, 2023
actions.php in WebPortal CMS 0.6-beta generates predictable passwords containing only the time of... High Unreviewed
CVE-2008-0141 was published May 1, 2022
Magento 2 Community Edition Cryptographic Flaw High
CVE-2019-7886 was published for magento/community-edition (Composer) May 24, 2022
The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all... High Unreviewed
CVE-2024-0761 was published Feb 6, 2024
The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2,... High Unreviewed
CVE-2008-3612 was published May 2, 2022
account-recover.php in TorrentTrader Classic 1.09 chooses random passwords from an insufficiently... High Unreviewed
CVE-2009-2158 was published May 2, 2022
The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business... High Unreviewed
CVE-2008-2433 was published May 1, 2022
The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses... High Unreviewed
CVE-2008-0087 was published May 1, 2022
airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector... High Unreviewed
CVE-2020-11877 was published May 24, 2022
Anomali Agave (formerly Drupot) through 1.0.0 fails to avoid fingerprinting by including... High Unreviewed
CVE-2019-11641 was published May 24, 2022
Atlas Copco Power Focus 6000 web server uses a small amount of session ID numbers. An attacker... High Unreviewed
CVE-2023-1898 was published Jun 12, 2023
Use of insufficiently random values vulnerability in User Management Functionality in Synology... High Unreviewed
CVE-2023-2729 was published Jun 13, 2023
Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of... High Unreviewed
CVE-2023-1385 was published Jul 6, 2023
An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers ... High Unreviewed
CVE-2020-27213 was published Oct 10, 2023
An authentication bypass vulnerability exists in the OAS Engine authentication functionality of... High Unreviewed
CVE-2023-34353 was published Sep 5, 2023
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon... High Unreviewed
CVE-2020-1472 was published May 24, 2022
ZendFramework Potential Information Disclosure and Insufficient Entropy vulnerabilities High
GHSA-xg9w-r469-m455 was published for zendframework/zendframework (Composer) Jun 7, 2024
A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All... High Unreviewed
CVE-2024-35292 was published Jun 11, 2024
iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th... High Unreviewed
CVE-2024-25943 was published Jun 29, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database