Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,004
Maven
5,000+
npm
5,000+
NuGet
975
pip
5,000+
Pub
13
RubyGems
1,069
Rust
1,395
Swift
61
Unreviewed advisories
All unreviewed
5,000+

40 advisories

Loading
Note Mark has a JWT Secret Weakness that allows Full Account Takeover via Token Forgery Critical
CVE-2026-44523 was published for github.com/enchant97/note-mark/backend (Go) May 7, 2026
osageling Credited to osageling and enchant97 enchant97 enchant97
fast-jwt: JWT auth bypass due to empty HMAC secret accepted by async key resolver Critical
CVE-2026-44351 was published for fast-jwt (npm) May 6, 2026
bhaswanthc Credited to bhaswanthc and SociableSteve SociableSteve SociableSteve
ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain... Critical Unreviewed
CVE-2018-25272 was published Apr 22, 2026
Non-Compliant TLS Configuration.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19... Critical Unreviewed
CVE-2025-12478 was published Oct 29, 2025
ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective... Critical Unreviewed
CVE-2025-45765 was published Aug 7, 2025
The use of a weak cryptographic key pair in the signature verification process in WPS Office ... Critical Unreviewed
CVE-2025-2516 was published Mar 27, 2025
Under certain circumstances the communication between exacqVision Client and exacqVision Server... Critical Unreviewed
CVE-2024-32758 was published Aug 2, 2024
Apache Linkis Authentication Bypass vulnerability Critical
CVE-2023-27987 was published for org.apache.linkis:linkis (Maven) Jul 6, 2023
Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by... Critical Unreviewed
CVE-2022-45141 was published Mar 7, 2023
Certain General Electric Renewable Energy products have inadequate encryption strength. This... Critical Unreviewed
CVE-2022-24116 was published Dec 26, 2022
The component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a... Critical Unreviewed
CVE-2021-42949 was published Sep 17, 2022
Hytec Inter HWL-2511-SS v1.05 and below implements a SHA512crypt hash for the root account which... Critical Unreviewed
CVE-2022-36555 was published Aug 30, 2022
A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4... Critical Unreviewed
CVE-2021-24020 was published May 24, 2022
In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic... Critical Unreviewed
CVE-2021-27200 was published May 24, 2022
Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX... Critical Unreviewed
CVE-2021-21507 was published May 24, 2022
Dell PowerScale OneFS 8.1.0 - 9.1.0 contains an LDAP Provider inability to connect over TLSv1.2... Critical Unreviewed
CVE-2020-26197 was published May 24, 2022
Zoho ManageEngine Application Control Plus before 100523 has an insecure SSL configuration... Critical Unreviewed
CVE-2020-29658 was published May 24, 2022
AT91bootstrap before 3.9.2 does not properly wipe encryption and authentication keys from memory... Critical Unreviewed
CVE-2020-11684 was published May 24, 2022
Session data between cluster nodes during cluster synchronization is not properly encrypted in... Critical Unreviewed
CVE-2018-20810 was published May 24, 2022
On the TP-Link TL-SG108E 1.0, admin network communications are RC4 encoded, even though RC4 is... Critical Unreviewed
CVE-2017-8076 was published May 17, 2022
Dolibarr ERP and CRM Insecure Encryption Critical
CVE-2017-7888 was published for dolibarr/dolibarr (Composer) May 17, 2022
PGP/MIME encrypted messages injected into a Vaultive O365 (before 4.5.21) frontend via IMAP or... Critical Unreviewed
CVE-2017-7229 was published May 17, 2022
A Weak Password Requirements issue was discovered in Rockwell Automation Allen-Bradley MicroLogix... Critical Unreviewed
CVE-2017-7903 was published May 17, 2022
In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure... Critical Unreviewed
CVE-2015-0575 was published May 17, 2022
In all Qualcomm products with Android releases from CAF using the Linux kernel, a rollback... Critical Unreviewed
CVE-2014-9975 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database