GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
41 advisories
Filter by severity
The Aqara IAM/SSO gateway (gw-builder.aqara.com) exposes bidirectional AES round-trups against...
Critical
Unreviewed
CVE-2026-50086
was published
Jun 12, 2026
Insecure generation of credentials in the local SAT (Technical Support) access functionality of...
Critical
Unreviewed
CVE-2026-8072
was published
May 12, 2026
A Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+,...
Critical
Unreviewed
CVE-2026-28252
was published
Mar 12, 2026
Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 uses a static and...
Critical
Unreviewed
CVE-2025-13476
was published
Mar 5, 2026
An authentication bypass vulnerability exists in Copeland XWEB Pro
version 1.12.1 and prior,...
Critical
Unreviewed
CVE-2026-21718
was published
Feb 27, 2026
newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The...
Critical
Unreviewed
CVE-2026-26219
was published
Feb 12, 2026
An issue in N3uron Web User Interface v.1.21.7-240207.1047 allows a remote attacker to escalate...
Critical
Unreviewed
CVE-2025-69929
was published
Jan 29, 2026
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Salesforce Marketing Cloud...
Critical
Unreviewed
CVE-2026-22585
was published
Jan 24, 2026
An unauthenticated remote attacker could exploit the used, insecure TLS 1.0 and TLS 1.1 protocols...
Critical
Unreviewed
CVE-2025-3200
was published
Apr 28, 2025
Due to reliance on a trivial substitution cipher, sent in cleartext, and the reliance on a...
Critical
Unreviewed
CVE-2022-3365
was published
Jan 28, 2025
There is a possible escalation of privilege due to improperly used crypto. This could lead to...
Critical
Unreviewed
CVE-2024-32911
was published
Jun 13, 2024
Use of a Broken or Risky Cryptographic Algorithm vulnerability in B&R Industrial Automation...
Critical
Unreviewed
CVE-2024-0323
was published
Feb 5, 2024
An Improper Verification of Cryptographic Signature vulnerability in the update process of...
Critical
Unreviewed
CVE-2023-5347
was published
Jan 9, 2024
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of...
Critical
Unreviewed
CVE-2023-34039
was published
Aug 29, 2023
SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to...
Critical
Unreviewed
CVE-2023-34130
was published
Jul 13, 2023
HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs...
Critical
Unreviewed
CVE-2022-36937
was published
May 10, 2023
Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by...
Critical
Unreviewed
CVE-2022-45141
was published
Mar 7, 2023
The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three...
Critical
Unreviewed
CVE-2022-30273
was published
Jul 27, 2022
Rocket-Chip commit 4f8114374d8824dfdec03f576a8cd68bebce4e56 was discovered to contain...
Critical
Unreviewed
CVE-2022-34632
was published
Jul 19, 2022
Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or risky cryptographic algorithm. A...
Critical
Unreviewed
CVE-2022-31230
was published
Jun 29, 2022
Dell EMC InsightIQ, versions prior to 4.1.4, contain risky cryptographic algorithms in the SSH...
Critical
Unreviewed
CVE-2021-36298
was published
May 24, 2022
Amazon AWS CloudFront TLSv1.2_2019 allows TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and...
Critical
Unreviewed
CVE-2020-36363
was published
May 24, 2022
An issue was discovered in the Oauth extension for MediaWiki through 1.35.2....
Critical
Unreviewed
CVE-2021-31556
was published
May 24, 2022
In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call...
Critical
Unreviewed
CVE-2019-25052
was published
May 24, 2022
Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in homeLYnk (Wiser For KNX)...
Critical
Unreviewed
CVE-2021-22738
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API