GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,302
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
66 advisories
Filter by severity
R-SOFT DMS stores superadmin credentials using a non-salted nested MD5 hash. This allows an...
High
Unreviewed
CVE-2026-41879
was published
Jul 10, 2026
The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords,...
Moderate
Unreviewed
CVE-2026-10540
was published
Jul 1, 2026
PostgreSQL Anonymizer contains a vulnerability that allows unprivileged masked users to...
Moderate
Unreviewed
CVE-2026-13455
was published
Jun 30, 2026
Redeight CMS version 1.0 uses the MD5 algorithm without a salt to store user passwords. Because...
Moderate
Unreviewed
CVE-2026-53692
was published
Jun 30, 2026
phpMyFAQ has Weak Cryptography - SHA1 for Password Hashing
Low
CVE-2026-48488
was published
for
phpmyfaq/phpmyfaq
(Composer)
Jun 23, 2026
motionEye: Authentication possible via password hash
Critical
CVE-2026-46488
was published
for
motioneye
(pip)
Jun 22, 2026
@angular/common: Weak 32-Bit Cache Key Hashing in `HttpTransferCache` Leading to Cross-Request Data Leakage and State Poisoning
High
CVE-2026-54266
was published
for
@angular/common
(npm)
Jun 15, 2026
GNCC GP5 v7.1.76 was discovered to utilize a weak hashing algorithm to protect the root password,...
Critical
Unreviewed
CVE-2026-36182
was published
Jun 4, 2026
Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerability that allows...
Critical
Unreviewed
CVE-2020-37168
was published
May 13, 2026
Next.js vulnerable to cache poisoning via collisions in React Server Component cache-busting
Low
CVE-2026-44582
was published
for
next
(npm)
May 11, 2026
Plonky3: The sponge construction used to get a hash function from a cryptographic permutation is not collision resistant for inputs of different lengths
Low
GHSA-3g92-f9ch-qjcm
was published
for
p3-symmetric
(Rust)
Apr 16, 2026
A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric...
Moderate
Unreviewed
CVE-2026-21717
was published
Mar 30, 2026
Poseidon V1 variable-length input collision via implicit zero-padding
High
CVE-2026-32129
was published
for
soroban-poseidon
(Rust)
Mar 13, 2026
An unauthenticated attacker can abuse the weak hash of the backup generated by the wwwdnload.cgi...
Moderate
Unreviewed
CVE-2025-41762
was published
Mar 9, 2026
Flowise has Insufficient Password Salt Rounds
Moderate
CVE-2026-56272
was published
for
flowise
(npm)
Mar 5, 2026
@keep-network/tbtc-v2 revealing P2PKH deposit with a wrapped P2SH script
High
GHSA-8986-v76q-8vr2
was published
for
@keep-network/tbtc-v2
(npm)
Mar 2, 2026
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 use the cryptographically broken MD5...
Moderate
Unreviewed
CVE-2026-27754
was published
Feb 27, 2026
OpenClaw replaced a deprecated sandbox hash algorithm
High
CVE-2026-28479
was published
for
openclaw
(npm)
Feb 19, 2026
EVE Seals Vault Key With SHA1 PCRs
Moderate
CVE-2023-43635
was published
for
github.com/lf-edge/eve
(Go)
Feb 4, 2026
EVE Doesn't Measure Config Partition From 2 Fronts
Moderate
CVE-2023-43630
was published
for
github.com/lf-edge/eve
(Go)
Feb 4, 2026
DragonFly has weak integrity checks for downloaded files
Moderate
CVE-2025-59354
was published
for
d7y.io/dragonfly/v2
(Go)
Sep 17, 2025
Mattermost makes Use of Weak Hash
Moderate
CVE-2025-9078
was published
for
github.com/mattermost/mattermost-server
(Go)
Sep 15, 2025
In JetBrains TeamCity before 2025.07 password reset and email verification tokens were using weak...
Moderate
Unreviewed
CVE-2025-54535
was published
Jul 28, 2025
Cyberduck and Mountain Duck improper handle TLS certificate pinning for untrusted certificates (e...
High
Unreviewed
CVE-2025-41256
was published
Jun 26, 2025
ProTip!
Advisories are also available from the
GraphQL API