Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
40
Go
2,974
Maven
5,000+
npm
4,621
NuGet
788
pip
4,317
Pub
12
RubyGems
984
Rust
1,131
Swift
49
Unreviewed advisories
All unreviewed
5,000+

478 advisories

Loading
The hard drives of the device are not encrypted using a full volume encryption feature such as... High Unreviewed
CVE-2025-27460 was published Jul 3, 2025
AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field Moderate
CVE-2022-2582 was published for github.com/aws/aws-sdk-go (Go) Dec 28, 2022
knqyf263
Credited to knqyf263
Brocade ASCG before 3.3.0 allows for the use of medium strength cryptography algorithms on... High Unreviewed
CVE-2025-7398 was published Jul 18, 2025
Jervis's Salt for PBKDF2 derived from password High
CVE-2025-68703 was published for net.gleske:jervis (Maven) Jan 13, 2026
The User Management Engine (UME) in NetWeaver Application Server for Java (NW AS Java) utilizes... Low Unreviewed
CVE-2026-0510 was published Jan 13, 2026
Diffie-Hellman groups with insufficient strength are used in the SSL/TLS stack of B&R Automation... High Unreviewed
CVE-2024-5800 was published Aug 12, 2024
Hash collision in typelevel jawn Moderate
CVE-2022-21653 was published for org.typelevel:jawn-parser_0.25 (Maven) Jan 6, 2022
nrktkt
Credited to nrktkt
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: Check... Moderate Unreviewed
CVE-2025-39889 was published Sep 24, 2025
Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.9_0027,... High Unreviewed
CVE-2025-65295 was published Dec 11, 2025
With TLS 1.3 pre-shared key (PSK) a malicious or faulty server could ignore the request for PFS ... Moderate Unreviewed
CVE-2025-11935 was published Nov 22, 2025
Insufficient encryption strength in Sprecher Automation SPRECON-E-C, SPRECON-E-P, and SPRECON-E... Moderate Unreviewed
CVE-2025-41743 was published Dec 2, 2025
An issue was discovered in Kaseya Rapid Fire Tools Network Detective through 2.0.16.0. A... High Unreviewed
CVE-2025-32874 was published Jul 16, 2025
Inappropriate implementation in App-Bound Encryption in Google Chrome on Windows prior to 142.0... Moderate Unreviewed
CVE-2025-12439 was published Nov 10, 2025
Non-Compliant TLS Configuration.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19... Critical Unreviewed
CVE-2025-12478 was published Oct 29, 2025
A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been declared as... Low Unreviewed
CVE-2025-2349 was published Mar 17, 2025
Apache Spark has Inadequate Encryption Strength Moderate
CVE-2025-55039 was published for org.apache.spark:spark-network-common_2.12 (Maven) Oct 15, 2025
A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query,... Moderate Unreviewed
CVE-2020-25685 was published May 24, 2022
NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 implement 512-bit RSA certificates to... Moderate Unreviewed
CVE-2020-10125 was published May 24, 2022
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys... Moderate Unreviewed
CVE-2023-4333 was published Aug 15, 2023
A weak encryption vulnerability in Mitel MiVoice Connect Client before 214.100.1214.0 could allow... Moderate Unreviewed
CVE-2020-10377 was published May 24, 2022
Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak... Low Unreviewed
CVE-2014-2381 was published May 17, 2022
Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak... High Unreviewed
CVE-2014-2380 was published May 17, 2022
Inadequate Encryption Strength in DotNetNuke High
CVE-2018-18325 was published for DotNetNuke.Core (NuGet) Jul 5, 2019
Inadequate Encryption Strength in DotNetNuke High
CVE-2018-15811 was published for DotNetNuke.Core (NuGet) Jul 5, 2019
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2... Critical Unreviewed
CVE-2017-11317 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database