Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,951
Erlang
39
GitHub Actions
38
Go
2,607
Maven
5,000+
npm
4,251
NuGet
757
pip
4,017
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

89 advisories

Loading
Cogent DataHub before 7.3.5 does not use a salt during password hashing, which makes it easier... Moderate Unreviewed
CVE-2014-2354 was published May 17, 2022
NeuVector has an insecure password storage vulnerable to rainbow attack Moderate
CVE-2025-53884 was published for github.com/neuvector/neuvector (Go) Aug 28, 2025
Use of Password Hash With Insufficient Computational Effort vulnerability in percona percona... Moderate Unreviewed
CVE-2024-7701 was published Dec 15, 2024
Taylored webhook validation vulnerabilities Critical
GHSA-8g98-m4j9-qww5 was published for taylored (npm) Jun 18, 2025
Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara... High Unreviewed
CVE-2025-3937 was published May 22, 2025
A vulnerability in the users configuration file of ctrlX OS may allow a remote authenticated (low... Moderate Unreviewed
CVE-2025-24340 was published Apr 30, 2025
In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can... High Unreviewed
CVE-2022-47732 was published Jan 20, 2023
The password of a web user in "Sante PACS Server.exe" is zero-padded to 0x2000 bytes, SHA1-hashed... High Unreviewed
CVE-2025-2265 was published Mar 13, 2025
Flask-AppBuilder before v4.1.3 allows inference of sensitive information through query strings Low
CVE-2022-31177 was published for Flask-AppBuilder (pip) Jul 29, 2022
IBM Security Verify Governance 10.0.2 Identity Manager uses a one-way cryptographic hash... Moderate Unreviewed
CVE-2023-33838 was published Jan 29, 2025
AMI Megarac Weak password hashes for Redfish & API Moderate Unreviewed
CVE-2022-40258 was published Jan 31, 2023
An attacker could exploit the 'Use of Password Hash With Insufficient Computational Effort'... Critical Unreviewed
CVE-2024-5743 was published Jan 13, 2025
XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted Moderate
CVE-2024-31464 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Apr 10, 2024
Phpgurukul Online Birth Certificate System 1.0 suffers from insufficient password requirements... Moderate Unreviewed
CVE-2024-55057 was published Dec 17, 2024
Liferay Portal defaults to a low work factor for the default password hashing algorithm High
CVE-2024-25607 was published for com.liferay.portal:com.liferay.portal.kernel (Maven) Feb 20, 2024
In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), the... Critical Unreviewed
CVE-2020-12069 was published Dec 26, 2022
Improper hashing in enrocrypt High
CVE-2021-39182 was published for enrocrypt (pip) Nov 10, 2021
Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows an attacker to... High Unreviewed
CVE-2024-23091 was published Jul 30, 2024
An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A... High Unreviewed
CVE-2019-20466 was published May 24, 2022
A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the... High Unreviewed
CVE-2024-3183 was published Jun 12, 2024
Bludit uses the SHA-1 hashing algorithm to compute password hashes. Thus, attackers could... Unknown Unreviewed
CVE-2024-24553 was published Jun 24, 2024
A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting... Low Unreviewed
CVE-2024-21754 was published Jun 11, 2024
class.userpeer.php in MFScripts YetiShare 3.5.2 through 4.5.3 uses an insecure method of creating... Critical Unreviewed
CVE-2019-19735 was published May 24, 2022
The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashs. If an... High Unreviewed
CVE-2023-31412 was published Aug 24, 2023
PiiGAB M-Bus stores passwords using a weak hash algorithm. Critical Unreviewed
CVE-2023-34433 was published Jul 7, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database