Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

410 advisories

Kwik does not discard unused encryption keys Moderate
CVE-2024-22588 was published for tech.kwik:kwik (Maven) May 24, 2024
The Progress MOVEit Automation configuration export function prior to 2024.0.1 uses a... Moderate Unreviewed
CVE-2024-4563 was published May 22, 2024
ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache Critical
CVE-2024-31989 was published for github.com/argoproj/argo-cd (Go) May 21, 2024
oreenlivnicode leoluz
crenshaw-dev mkilchhofer todaywasawesome pasha-codefresh
github.com/bincyber/go-sqlcrypter vulnerable to IV collision Low
GHSA-2j6r-9vv4-6gf5 was published for github.com/bincyber/go-sqlcrypter (Go) May 20, 2024
fuel/core Crypt encryption compromised. Moderate
GHSA-fgrx-4637-fcf5 was published for fuel/core (Composer) May 15, 2024
asymmetricrypt/asymmetricrypt Padding Oracle Vulnerability in RSA Encryption Moderate
GHSA-87mp-xc4x-x8rh was published for asymmetricrypt/asymmetricrypt (Composer) May 15, 2024
PHP Censor uses a weak hashing algorithm for the remember me key Moderate
CVE-2024-34914 was published for php-censor/php-censor (Composer) May 14, 2024
Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains a use of a broken or risky... Moderate Unreviewed
CVE-2024-25968 was published May 14, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic... Moderate Unreviewed
CVE-2020-4874 was published May 3, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic... Moderate Unreviewed
CVE-2023-40696 was published May 3, 2024
python-jose algorithm confusion with OpenSSH ECDSA keys High
CVE-2024-33663 was published for python-jose (pip) Apr 26, 2024
Windows Authentication Elevation of Privilege Vulnerability Moderate Unreviewed
CVE-2024-29056 was published Apr 9, 2024
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for... Moderate Unreviewed
CVE-2023-50313 was published Apr 2, 2024
Withdrawn: JJWT improperly generates signing keys Moderate
CVE-2024-31033 was published for io.jsonwebtoken:jjwt-impl (Maven) Apr 1, 2024 withdrawn
ebickle
Dell PowerScale OneFS, versions 8.2.2.x through 9.5.0.x contains a use of a broken cryptographic... Moderate Unreviewed
CVE-2024-25963 was published Mar 28, 2024
Dell PowerScale OneFS 8.2.x through 9.6.0.x contains a use of a broken or risky cryptographic... High Unreviewed
CVE-2024-22463 was published Mar 4, 2024
IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3... Moderate Unreviewed
CVE-2024-27255 was published Mar 3, 2024
Dell Secure Connect Gateway, 5.18, contains an Inadequate Encryption Strength Vulnerability. An... Low Unreviewed
CVE-2024-22458 was published Mar 1, 2024
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than... Moderate Unreviewed
CVE-2023-50312 was published Mar 1, 2024
Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware... Moderate Unreviewed
CVE-2023-51392 was published Feb 23, 2024
IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that... Moderate Unreviewed
CVE-2022-34309 was published Feb 12, 2024
IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that... Moderate Unreviewed
CVE-2022-34310 was published Feb 12, 2024
IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0,... Moderate Unreviewed
CVE-2024-22361 was published Feb 10, 2024
Vyper sha3 codegen bug Low
CVE-2024-24559 was published for vyper (pip) Feb 5, 2024
cyberthirst kuroi8
Use of a Broken or Risky Cryptographic Algorithm vulnerability in B&R Industrial Automation... Critical Unreviewed
CVE-2024-0323 was published Feb 5, 2024
ProTip! Advisories are also available from the GraphQL API