GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,634
NuGet
638
pip
3,249
Pub
10
RubyGems
867
Rust
819
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
160 advisories
Filter by severity
Driver Distributor v2.2.3.1 and earlier contains a vulnerability where passwords are stored in a...
High
Unreviewed
CVE-2022-43460
was published
Feb 13, 2023
Improper cryptographic implementation in Samsung Flow for Android prior to version 4.9.04 allows...
High
Unreviewed
CVE-2023-21443
was published
Feb 9, 2023
Improper cryptographic implementation in Samsung Flow for PC 4.9.14.0 allows adjacent attackers...
High
Unreviewed
CVE-2023-21444
was published
Feb 9, 2023
An unauthorized user with network access and the decryption key could decrypt sensitive data,...
High
Unreviewed
CVE-2022-38469
was published
Jan 18, 2023
In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is...
High
Unreviewed
CVE-2022-38659
was published
Dec 19, 2022
The application was signed using a key length less than or equal to 1024 bits, making it...
High
Unreviewed
CVE-2020-4099
was published
Nov 1, 2022
A vulnerability in Trend Micro Apex One and Apex One as a Service could allow an attacker to...
High
Unreviewed
CVE-2022-40141
was published
Sep 20, 2022
The Simple Single Sign On WordPress plugin through 4.1.0 leaks its OAuth client_secret, which...
High
Unreviewed
CVE-2022-2083
was published
Sep 6, 2022
Inadequate encryption strength for some Intel(R) PROSet/Wireless WiFi products may allow an...
High
Unreviewed
CVE-2022-21139
was published
Aug 19, 2022
Apache OpenOffice supports the storage of passwords for web connections in the user's...
High
Unreviewed
CVE-2022-37400
was published
Aug 16, 2022
Apache OpenOffice supports the storage of passwords for web connections in the user's...
High
Unreviewed
CVE-2022-37401
was published
Aug 16, 2022
On specific devices, there is a possible bypass of configuration integrity due to improperly used...
High
Unreviewed
CVE-2022-20374
was published
Aug 12, 2022
LibreOffice supports the storage of passwords for web connections in the user’s configuration...
High
Unreviewed
CVE-2022-26307
was published
Jul 26, 2022
LibreOffice supports the storage of passwords for web connections in the user’s configuration...
High
Unreviewed
CVE-2022-26306
was published
Jul 26, 2022
IBM Security Verify Identity Manager 10.0 uses weaker than expected cryptographic algorithms that...
High
Unreviewed
CVE-2022-22453
was published
Jul 15, 2022
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than...
High
Unreviewed
CVE-2022-22464
was published
Jul 9, 2022
IBM Curam Social Program Management 7.0.9 and 7.0.10 uses MD5 algorithm for hashing token in a...
High
Unreviewed
CVE-2020-4778
was published
May 24, 2022
Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform ...
High
Unreviewed
CVE-2019-13539
was published
May 24, 2022
IBM API Connect 5.0.0.0 through 5.0.8.6 uses weaker than expected cryptographic algorithms that...
High
Unreviewed
CVE-2019-4256
was published
May 24, 2022
IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic...
High
Unreviewed
CVE-2021-38891
was published
May 24, 2022
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash...
High
Unreviewed
CVE-2021-38979
was published
May 24, 2022
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic...
High
Unreviewed
CVE-2021-38983
was published
May 24, 2022
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic...
High
Unreviewed
CVE-2021-38984
was published
May 24, 2022
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have inadequate encryption...
High
Unreviewed
CVE-2021-38464
was published
May 24, 2022
IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could...
High
Unreviewed
CVE-2021-38862
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API