GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
64 advisories
Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows an attacker to...
Severity: High | Unreviewed | CVE-2024-23091 was published Jul 30, 2024

Bludit uses the SHA-1 hashing algorithm to compute password hashes. Thus, attackers could...
Severity: Unknown | Unreviewed | CVE-2024-24553 was published Jun 24, 2024

A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the...
Severity: High | Unreviewed | CVE-2024-3183 was published Jun 12, 2024

A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting...
Severity: Low | Unreviewed | CVE-2024-21754 was published Jun 11, 2024

A vulnerability classified as problematic was found in Musicshelf 1.0/1.1 on Android. Affected by...
Severity: Low | Unreviewed | CVE-2024-2365 was published Mar 11, 2024

The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay Portal 7.2.0 through 7.4.3...
Severity: High | Unreviewed | CVE-2024-25607 was published Feb 20, 2024

The Priva TopControl Suite contains predictable credentials for the SSH service, based on the...
Severity: High | Unreviewed | CVE-2022-3010 was published Jan 2, 2024

Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers...
Severity: High | Unreviewed | CVE-2023-5846 was published Nov 2, 2023

** UNSUPPORTED WHEN ASSIGNED ** Vulnerability in ekorCCP and ekorRCI that could allow an...
Severity: Moderate | Unreviewed | CVE-2022-47557 was published Sep 19, 2023

A vulnerability classified as problematic was found in Supcon InPlant SCADA up to 20230901....
Severity: Low | Unreviewed | CVE-2023-4986 was published Sep 15, 2023

The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashes. If an...
Severity: High | Unreviewed | CVE-2023-31412 was published Aug 24, 2023

PiiGAB M-Bus stores passwords using a weak hash algorithm.
Severity: Critical | Unreviewed | CVE-2023-34433 was published Jul 7, 2023

RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows...
Severity: High | Unreviewed | CVE-2023-33243 was published Jun 15, 2023

A use of password hash with insufficient computational effort vulnerability [CWE-916] in...
Severity: High | Unreviewed | CVE-2022-26115 was published Feb 16, 2023

AMI Megarac Weak password hashes for Redfish & API
Severity: Moderate | Unreviewed | CVE-2022-40258 was published Jan 31, 2023

In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can...
Severity: High | Unreviewed | CVE-2022-47732 was published Jan 20, 2023

In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), the...
Severity: Critical | Unreviewed | CVE-2020-12069 was published Dec 26, 2022

The application was vulnerable to an authenticated information disclosure, allowing...
Severity: Moderate | Unreviewed | CVE-2022-40295 was published Nov 1, 2022

An access control issue in ICT Protege GX/WX 2.08 allows attackers to leak SHA1 password hashes...
Severity: Moderate | Unreviewed | CVE-2022-29731 was published Jun 3, 2022

The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, Part No. 3060/00 versions 6...
Severity: High | Unreviewed | CVE-2021-32997 was published May 26, 2022

Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA ...
Severity: Moderate | Unreviewed | CVE-2021-22741 was published May 24, 2022

The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress registered...
Severity: Moderate | Unreviewed | CVE-2021-38314 was published May 24, 2022

In Digi RealPort through 4.8.488.0, authentication relies on a challenge-response mechanism that...
Severity: Critical | Unreviewed | CVE-2021-36767 was published May 24, 2022

The user and password data base is exposed by an unprotected web server resource. Passwords are...
Severity: High | Unreviewed | CVE-2021-23855 was published May 24, 2022

An attacker with physical access to Boston Scientific Zoom Latitude Model 3120 can remove the...
Severity: Moderate | Unreviewed | CVE-2021-38400 was published May 24, 2022

ProTip! Advisories are also available from the GraphQL API