GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
13 advisories
Filter by severity
Unauthenticated crypto and weak IV in Magento\Framework\Encryption
High
CVE-2016-6485
was published
for
magento/community-edition
(Composer)
Nov 20, 2019
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS
High
CVE-2020-15098
was published
for
typo3/cms
(Composer)
Jul 29, 2020
Reliance on Cookies without validation in OctoberCMS
Moderate
CVE-2020-15128
was published
for
october/rain
(Composer)
Aug 5, 2020
Use of a Broken or Risky Cryptographic Algorithm
Low
CVE-2021-27913
was published
for
mautic/core
(Composer)
Sep 1, 2021
Laravel Framework XSS in Blade templating engine
Moderate
CVE-2021-43808
was published
for
illuminate/view
(Composer)
Dec 8, 2021
Magento 2 Community Edition Cryptographic Flaw
High
CVE-2019-7858
was published
for
magento/community-edition
(Composer)
May 24, 2022
PHP JOSE Library by Gree Inc. Uses a Broken or Risky Cryptographic Algorithm
High
CVE-2016-5431
was published
for
gree/jose
(Composer)
May 24, 2022
LTI 1.3 Tool Library's function used to generate random nonces not sufficiently cryptographically complex before v5.0
High
CVE-2022-31157
was published
for
packbackbooks/lti-1-3-php-library
(Composer)
Jul 15, 2022
LTI 1.3 Tool Library's Nonce Claim Value not validated against nonce value sent in Authentication Request before v5.0
High
CVE-2022-31158
was published
for
packbackbooks/lti-1-3-php-library
(Composer)
Jul 15, 2022
PHP Censor uses a weak hashing algorithm for the remember me key
Moderate
CVE-2024-34914
was published
for
php-censor/php-censor
(Composer)
May 14, 2024
asymmetricrypt/asymmetricrypt Padding Oracle Vulnerability in RSA Encryption
Moderate
GHSA-87mp-xc4x-x8rh
was published
for
asymmetricrypt/asymmetricrypt
(Composer)
May 15, 2024
fuel/core Crypt encryption compromised.
Moderate
GHSA-fgrx-4637-fcf5
was published
for
fuel/core
(Composer)
May 15, 2024
YesWiki Uses a Broken or Risky Cryptographic Algorithm
High
CVE-2024-51478
was published
for
yeswiki/yeswiki
(Composer)
Oct 31, 2024
ProTip!
Advisories are also available from the
GraphQL API