GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,251
Erlang
31
GitHub Actions
21
Go
2,018
Maven
5,000+
npm
3,723
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
861
Swift
36
Unreviewed advisories
All unreviewed
5,000+
78 advisories
Filter by severity
Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows an attacker to...
High
Unreviewed
CVE-2024-23091
was published
Jul 30, 2024
Bludit uses the SHA-1 hashing algorithm to compute password hashes. Thus, attackers could...
Unknown
Unreviewed
CVE-2024-24553
was published
Jun 24, 2024
A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the...
High
Unreviewed
CVE-2024-3183
was published
Jun 12, 2024
A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting...
Low
Unreviewed
CVE-2024-21754
was published
Jun 11, 2024
Serverpod improved security for stored password hashes
Moderate
CVE-2024-29886
was published
for
serverpod_auth_server
(Pub)
Mar 28, 2024
A vulnerability classified as problematic was found in Musicshelf 1.0/1.1 on Android. Affected by...
Low
Unreviewed
CVE-2024-2365
was published
Mar 11, 2024
The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay Portal 7.2.0 through 7.4.3...
High
Unreviewed
CVE-2024-25607
was published
Feb 20, 2024
The Priva TopControl Suite contains predictable credentials for the SSH service, based on the...
High
Unreviewed
CVE-2022-3010
was published
Jan 2, 2024
Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers...
High
Unreviewed
CVE-2023-5846
was published
Nov 2, 2023
crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
Critical
CVE-2023-46233
was published
for
crypto-js
(npm)
Oct 25, 2023
crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
Critical
CVE-2023-46133
was published
for
crypto-es
(npm)
Oct 25, 2023
** UNSUPPPORTED WHEN ASSIGNED ** Vulnerability in ekorCCP and ekorRCI that could allow an...
Moderate
Unreviewed
CVE-2022-47557
was published
Sep 19, 2023
A vulnerability classified as problematic was found in Supcon InPlant SCADA up to 20230901....
Low
Unreviewed
CVE-2023-4986
was published
Sep 15, 2023
Buttercup allows attackers to obtain the hash of the master password
Moderate
CVE-2023-41646
was published
for
buttercup
(npm)
Sep 8, 2023
The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashs. If an...
High
Unreviewed
CVE-2023-31412
was published
Aug 24, 2023
PiiGAB M-Bus stores passwords using a weak hash algorithm.
Critical
Unreviewed
CVE-2023-34433
was published
Jul 7, 2023
RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows...
High
Unreviewed
CVE-2023-33243
was published
Jun 15, 2023
Password Shucking Vulnerability
Moderate
CVE-2023-27580
was published
for
codeigniter4/shield
(Composer)
Mar 13, 2023
A use of password hash with insufficient computational effort vulnerability [CWE-916] in...
High
Unreviewed
CVE-2022-26115
was published
Feb 16, 2023
AMI Megarac Weak password hashes for Redfish & API
Moderate
Unreviewed
CVE-2022-40258
was published
Jan 31, 2023
In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can...
High
Unreviewed
CVE-2022-47732
was published
Jan 20, 2023
In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), the...
Critical
Unreviewed
CVE-2020-12069
was published
Dec 26, 2022
GraphQL queries can expose password hashes
Critical
GHSA-3p7g-wrgg-wq45
was published
for
ibexa/graphql
(Composer)
Nov 10, 2022
The application was vulnerable to an authenticated information disclosure, allowing...
Moderate
Unreviewed
CVE-2022-40295
was published
Nov 1, 2022
SFTPGo vulnerable to recovery codes abuse
High
CVE-2022-36071
was published
for
github.com/drakkan/sftpgo/v2
(Go)
Sep 16, 2022
ProTip!
Advisories are also available from the
GraphQL API