Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,750
Maven
5,000+
npm
4,356
NuGet
765
pip
4,119
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

92 advisories

Loading
A vulnerability classified as problematic was found in Supcon InPlant SCADA up to 20230901.... Low Unreviewed
CVE-2023-4986 was published Sep 15, 2023
Buttercup allows attackers to obtain the hash of the master password Moderate
CVE-2023-41646 was published for buttercup (npm) Sep 8, 2023
perry-mitchell
Credited to perry-mitchell
The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashs. If an... High Unreviewed
CVE-2023-31412 was published Aug 24, 2023
PiiGAB M-Bus stores passwords using a weak hash algorithm. Critical Unreviewed
CVE-2023-34433 was published Jul 7, 2023
RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows... High Unreviewed
CVE-2023-33243 was published Jun 15, 2023
Password Shucking Vulnerability Moderate
CVE-2023-27580 was published for codeigniter4/shield (Composer) Mar 13, 2023
jreklund
Credited to jreklund
A use of password hash with insufficient computational effort vulnerability [CWE-916] in... High Unreviewed
CVE-2022-26115 was published Feb 16, 2023
AMI Megarac Weak password hashes for Redfish & API Moderate Unreviewed
CVE-2022-40258 was published Jan 31, 2023
In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can... High Unreviewed
CVE-2022-47732 was published Jan 20, 2023
In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), the... Critical Unreviewed
CVE-2020-12069 was published Dec 26, 2022
GraphQL queries can expose password hashes Critical
GHSA-3p7g-wrgg-wq45 was published for ibexa/graphql (Composer) Nov 10, 2022
tranca
Credited to tranca
The application was vulnerable to an authenticated information disclosure, allowing... Moderate Unreviewed
CVE-2022-40295 was published Nov 1, 2022
SFTPGo vulnerable to recovery codes abuse High
CVE-2022-36071 was published for github.com/drakkan/sftpgo/v2 (Go) Sep 16, 2022
Flask-AppBuilder before v4.1.3 allows inference of sensitive information through query strings Low
CVE-2022-31177 was published for Flask-AppBuilder (pip) Jul 29, 2022
An access control issue in ICT Protege GX/WX 2.08 allows attackers to leak SHA1 password hashes... Moderate Unreviewed
CVE-2022-29731 was published Jun 3, 2022
The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, Part No. 3060/00 versions 6... High Unreviewed
CVE-2021-32997 was published May 26, 2022
Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA ... Moderate Unreviewed
CVE-2021-22741 was published May 24, 2022
The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress registered... Moderate Unreviewed
CVE-2021-38314 was published May 24, 2022
net-ldap has weak salt when generating passwords Moderate
CVE-2014-0083 was published for net-ldap (RubyGems) May 24, 2022
In Digi RealPort through 4.8.488.0, authentication relies on a challenge-response mechanism that... Critical Unreviewed
CVE-2021-36767 was published May 24, 2022
The user and password data base is exposed by an unprotected web server resource. Passwords are... High Unreviewed
CVE-2021-23855 was published May 24, 2022
An attacker with physical access to Boston Scientific Zoom Latitude Model 3120 can remove the... Moderate Unreviewed
CVE-2021-38400 was published May 24, 2022
Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords... Moderate Unreviewed
CVE-2021-33003 was published May 24, 2022
A use of one-way hash with a predictable salt vulnerability in the password storing mechanism of... High Unreviewed
CVE-2021-32596 was published May 24, 2022
A CWE-759: Use of a One-Way Hash without a Salt vulnerability exists in EVlink City (EVC1S22P4 /... High Unreviewed
CVE-2021-22774 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database