GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,942
Erlang
39
GitHub Actions
38
Go
2,599
Maven
5,000+
npm
4,249
NuGet
755
pip
4,013
Pub
12
RubyGems
953
Rust
1,048
Swift
45
Unreviewed advisories
All unreviewed
5,000+
27 advisories
Filter by severity
DragonFly has weak integrity checks for downloaded files
Moderate
CVE-2025-59354
was published
for
d7y.io/dragonfly/v2
(Go)
Sep 17, 2025
Mattermost makes Use of Weak Hash
Moderate
CVE-2025-9078
was published
for
github.com/mattermost/mattermost-server
(Go)
Sep 15, 2025
In JetBrains TeamCity before 2025.07 password reset and email verification tokens were using weak...
Moderate
Unreviewed
CVE-2025-54535
was published
Jul 28, 2025
The application uses a weak password hash function, allowing an attacker to crack the weak...
Moderate
Unreviewed
CVE-2025-49197
was published
Jun 12, 2025
Due to outdated Hash algorithm, HCL Glovius Cloud could allow attackers to guess the input data...
Moderate
Unreviewed
CVE-2024-23589
was published
May 30, 2025
IBM Sterling Secure Proxy 6.0.0.0 through 6.0.3.1, 6.1.0.0 through 6.1.0.0, and 6.2.0.0 through 6...
Moderate
Unreviewed
CVE-2024-38341
was published
May 28, 2025
pnpm uses the md5 path shortening function causes packet paths to coincide, which causes indirect packet overwriting
Moderate
CVE-2024-47829
was published
for
pnpm
(npm)
Apr 23, 2025
A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4...
Moderate
Unreviewed
CVE-2025-3576
was published
Apr 15, 2025
Jujutsu does not have SHA-1 collision detection
Moderate
GHSA-794x-2rpg-rfgr
was published
for
jj-cli
(Rust)
Apr 7, 2025
gitoxide does not detect SHA-1 collision attacks
Moderate
CVE-2025-31130
was published
for
gitoxide
(Rust)
Apr 4, 2025
SageMaker Workflow component allows possibility of MD5 hash collisions
Moderate
CVE-2025-0508
was published
for
sagemaker
(pip)
Mar 20, 2025
A weak hashing algorithm and small sizes of seeds/secrets in Google's gVisor allowed for a remote...
Moderate
Unreviewed
CVE-2024-10026
was published
Jan 30, 2025
Web installer integrity check used weak hash algorithm. The following products are affected:...
Moderate
Unreviewed
CVE-2024-56414
was published
Jan 2, 2025
Beego has Collision Hazards of MD5 in Cache Key Filenames
Moderate
CVE-2024-55885
was published
for
github.com/beego/beego
(Go)
Dec 12, 2024
MessagePack allows untrusted data to lead to DoS attack due to hash collisions and stack overflow
Moderate
CVE-2024-48924
was published
for
MessagePack
(NuGet)
Oct 17, 2024
Certain switch models from PLANET Technology use an insecure hashing function to hash user...
Moderate
Unreviewed
CVE-2024-8453
was published
Sep 30, 2024
An issue in LOGINT LoMag Inventory Management v1.0.20.120 and before allows a local attacker to...
Moderate
Unreviewed
CVE-2024-32211
was published
May 1, 2024
Gessler GmbH WEB-MASTER user account is stored using a weak hashing algorithm. The attacker can...
Moderate
Unreviewed
CVE-2024-1040
was published
Feb 2, 2024
A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware...
Moderate
Unreviewed
CVE-2023-5962
was published
Dec 23, 2023
A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE...
Moderate
Unreviewed
CVE-2023-44319
was published
Nov 14, 2023
IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could...
Moderate
Unreviewed
CVE-2022-43922
was published
Feb 1, 2023
All versions of Econolite EOS traffic control software are vulnerable to CWE-328: Use of Weak...
Moderate
Unreviewed
CVE-2023-0452
was published
Jan 26, 2023
The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse...
Moderate
Unreviewed
CVE-2022-3433
was published
Oct 11, 2022
WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An...
Moderate
Unreviewed
CVE-2022-29835
was published
Sep 20, 2022
ProTip!
Advisories are also available from the
GraphQL API