GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,703
NuGet
661
pip
3,329
Pub
11
RubyGems
884
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+
13 advisories
Filter by severity
Insecure Cryptography Algorithm in parsel
Critical
GHSA-wqgx-4q47-j2w5
was published
for
parsel
(npm)
Sep 4, 2020
Integer Overflow or Wraparound and Use of a Broken or Risky Cryptographic Algorithm in bcrypt
Moderate
CVE-2020-7689
was published
for
bcrypt
(npm)
Aug 20, 2020
Insecure Cryptography Algorithm in simple-crypto-js
Moderate
GHSA-5v7r-jg9r-vq44
was published
for
simple-crypto-js
(npm)
Sep 3, 2020
matrix-js-sdk can be tricked into disclosing E2EE room keys to a participating homeserver
Moderate
CVE-2021-40823
was published
for
matrix-js-sdk
(npm)
Sep 14, 2021
Elliptic Uses a Broken or Risky Cryptographic Algorithm
Moderate
CVE-2020-28498
was published
for
elliptic
(npm)
Mar 8, 2021
crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
Critical
CVE-2023-46133
was published
for
crypto-es
(npm)
Oct 25, 2023
bsock uses weak hashing algorithms
Critical
CVE-2023-50475
was published
for
bsock
(npm)
Dec 21, 2023
crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
Critical
CVE-2023-46233
was published
for
crypto-js
(npm)
Oct 25, 2023
DeviceFarmer stf uses DES-ECB
Critical
CVE-2023-51839
was published
for
@devicefarmer/stf
(npm)
Jan 29, 2024
Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm.
High
CVE-2023-51838
was published
for
meshcentral
(npm)
Feb 2, 2024
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()
Moderate
CVE-2022-23540
was published
for
jsonwebtoken
(npm)
Dec 22, 2022
jsonwebtoken unrestricted key type could lead to legacy keys usage
High
CVE-2022-23539
was published
for
jsonwebtoken
(npm)
Dec 22, 2022
ProTip!
Advisories are also available from the
GraphQL API