Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,779
Erlang
36
GitHub Actions
29
Go
2,338
Maven
5,000+
npm
3,972
NuGet
714
pip
3,769
Pub
12
RubyGems
923
Rust
976
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

399 advisories

Loading
Weak server key used for TLS encryption. The following products are affected: Acronis Cyber... Moderate Unreviewed
CVE-2025-48960 was published Jun 4, 2025
An issue was discovered in Unicom Focal Point 7.6.1. The database is encrypted with a hardcoded... Moderate Unreviewed
CVE-2025-43925 was published Jun 3, 2025
IBM Sterling Secure Proxy 6.0.0.0 through 6.0.3.1, 6.1.0.0 through 6.1.0.0, and 6.2.0.0 through 6... Moderate Unreviewed
CVE-2024-38341 was published May 28, 2025
A vulnerability classified as problematic was found in calmkart Django-sso-server up to... Moderate Unreviewed
CVE-2025-4894 was published May 18, 2025
Weak encryption vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on... Moderate Unreviewed
CVE-2025-27524 was published May 15, 2025
Inadequate encryption strength for some Edge Orchestrator software for Intel(R) Tiber™ Edge... Moderate Unreviewed
CVE-2025-22446 was published May 13, 2025
In Modem, there is a possible information disclosure due to incorrect error handling. This could... High Unreviewed
CVE-2025-20667 was published May 5, 2025
Reuse of a static AES key and initialization vector for encrypted traffic to the 'ate' management... High Unreviewed
CVE-2025-46626 was published May 2, 2025
HCL MyXalytics is affected by SSL∕TLS Protocol affected with BREACH & LUCKY13 vulnerabilities.... Low Unreviewed
CVE-2024-42177 was published Apr 17, 2025
The use of a weak cryptographic key pair in the signature verification process in WPS Office ... Critical Unreviewed
CVE-2025-2516 was published Mar 27, 2025
A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been declared as... Low Unreviewed
CVE-2025-2349 was published Mar 17, 2025
A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC... High Unreviewed
CVE-2024-54089 was published Feb 11, 2025
Weak encryption algorithm in Easy-RSA version 3.0.5 through 3.1.7 allows a local attacker to more... Moderate Unreviewed
CVE-2024-13454 was published Jan 20, 2025
A vulnerability exists in Algo Edge up to 2.1.1 - a previously used (legacy) component of navify®... Moderate Unreviewed
CVE-2024-13026 was published Jan 17, 2025
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800,... Moderate Unreviewed
CVE-2024-45259 was published Oct 24, 2024
Nokia SR OS bof.cfg file encryption is vulnerable to a brute force attack. This weakness allows... Low Unreviewed
CVE-2023-6728 was published Oct 17, 2024
An unauthenticated local attacker can decrypt the devices config file and therefore compromise... High Unreviewed
CVE-2024-45273 was published Oct 15, 2024
An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive... High Unreviewed
CVE-2024-41594 was published Oct 3, 2024
The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain... High Unreviewed
CVE-2024-8455 was published Sep 30, 2024
OpenSlides 4.0.15 was discovered to be using a weak hashing algorithm to store passwords. High Unreviewed
CVE-2024-22892 was published Sep 25, 2024
Insufficient or weak TLS protocol version identified in Advance authentication client server... High Unreviewed
CVE-2021-38121 was published Aug 28, 2024
Inadequate encryption strength for some BMRA software before version 22.08 may allow an... High Unreviewed
CVE-2024-21787 was published Aug 14, 2024
A vulnerability has been identified in Location Intelligence family (All versions < V4.4). The... Moderate Unreviewed
CVE-2024-41681 was published Aug 13, 2024
Diffie-Hellman groups with insufficient strength are used in the SSL/TLS stack of B&R Automation... High Unreviewed
CVE-2024-5800 was published Aug 12, 2024
Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow... High Unreviewed
CVE-2024-42163 was published Aug 12, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database