GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,738
NuGet
663
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
65 advisories
Filter by severity
mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, which may allow an attacker...
High
Unreviewed
CVE-2021-43989
was published
Dec 24, 2021
Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software where the password...
Moderate
Unreviewed
CVE-2022-0022
was published
Mar 10, 2022
BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes.
Moderate
Unreviewed
CVE-2022-23348
was published
Mar 22, 2022
Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric...
Critical
Unreviewed
CVE-2022-25157
was published
Apr 3, 2022
Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions...
High
Unreviewed
CVE-2022-25156
was published
Apr 3, 2022
A use of a one-way hash with a predictable salt vulnerability [CWE-760] in FortiWAN before 4.5.9...
High
Unreviewed
CVE-2021-26113
was published
Apr 7, 2022
Knox Arkeia server 4.2, and possibly other versions, uses a constant salt when encrypting...
High
Unreviewed
CVE-2001-0967
was published
Apr 30, 2022
PostgreSQL uses the username for a salt when generating passwords, which makes it easier for...
Moderate
Unreviewed
CVE-2002-1657
was published
Apr 30, 2022
CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of the user name for the...
High
Unreviewed
CVE-2005-0408
was published
May 1, 2022
BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local...
Low
Unreviewed
CVE-2006-1058
was published
May 1, 2022
ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40...
Moderate
Unreviewed
CVE-2008-1526
was published
May 1, 2022
A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 ...
Moderate
Unreviewed
CVE-2022-24041
was published
May 11, 2022
Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing...
High
Unreviewed
CVE-2019-0030
was published
May 13, 2022
Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with...
High
Unreviewed
CVE-2019-3907
was published
May 13, 2022
global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations...
High
Unreviewed
CVE-2019-7649
was published
May 13, 2022
Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker...
Critical
Unreviewed
CVE-2019-6563
was published
May 13, 2022
Davolink DVW-3200N all version prior to Version 1.00.06. The device generates a weak password...
Critical
Unreviewed
CVE-2018-10618
was published
May 13, 2022
Password recovery exploitation vulnerability in the non-certificate-based authentication...
Critical
Unreviewed
CVE-2017-3962
was published
May 13, 2022
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for...
Moderate
Unreviewed
CVE-2017-11131
was published
May 13, 2022
The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and...
High
Unreviewed
CVE-2018-1447
was published
May 13, 2022
An issue was discovered in BTITeam XBTIT 2.5.4. The hashed passwords stored in the xbtit_users...
Critical
Unreviewed
CVE-2018-15680
was published
May 13, 2022
Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%...
High
Unreviewed
CVE-2018-9233
was published
May 13, 2022
The affected Bachmann Electronic M-Base Controllers of version MSYS v1.06.14 and later use weak...
High
Unreviewed
CVE-2020-16231
was published
May 20, 2022
UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a...
Moderate
Unreviewed
CVE-2019-12737
was published
May 24, 2022
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05...
Critical
Unreviewed
CVE-2019-17216
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API